Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt

[Michael Gray <mickgray at au1.ibm.com>]

Paul Hoffman <paul.hoffman at vpnc.org> wrote:

> >A New Internet-Draft is available from the on-line Internet-Drafts
> >directories.
> >
> >
> >   Title      : Additional PRF Inputs for TLS
> >
> >   Author(s)   : J. Solinas, P. Hoffman
> >   Filename   : draft-solinas-tls-additional-prf-input-00.txt
> >   Pages      : 6
> >   Date      : 2009-10-5
> >
> >This document describes a mechanism for using additional PRF inputs
> >   with Transport Layer Security (TLS) and Datagram TLS (DTLS).
> >
> >
> >A URL for this Internet-Draft is:
> >http://www.ietf.org/internet-drafts/draft-solinas-tls-additional-
> prf-input-00.txt
>
> Greetings again. We would like to hear input on this draft from the
> TLS community. The basic idea is an extension that would allow the
> two parties to give additional information that is directly mixed
> into the master secret through the PRF.
>
> --Paul Hoffman, Director
> --VPN Consortium

Comparing this with draft-rescorla-tls-extended-random-02.txt I see the
requirement for the size of Server response is missing and thus undefined.
From 3.1 in the above we have:

   If the server wishes to use the extended randomness feature, it MUST
   send its own "extended_random" extension with an
   extended_random_value equal in length to the client's
   extended_random_value

Additionally, I think some limitation of the size/amount of data that can
be requested from a server is needed as large sizes could pose an attack on
a server by exhausting the entropy pool and/or causing server performance
degradation.  Our prototype implementation allows servers to ignore or
respond with error, depending on configuration, requests from clients that
are larger than 256 octets.

Mick Gray
IBM

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls