Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt

To: Michael Gray <mickgray at au1.ibm.com>
Subject: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
From: Paul Hoffman <paul.hoffman at vpnc.org>
Date: Tue, 6 Oct 2009 17:16:38 -0700
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <OFD9D00D78.79487C37-ON4A257647.0076965D-4A257647.0081A07B at au1.ibm.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <OFD9D00D78.79487C37-ON4A257647.0076965D-4A257647.0081A07B at au1.ibm.com>

At 9:35 AM +1000 10/7/09, Michael Gray wrote:
>Comparing this with draft-rescorla-tls-extended-random-02.txt I see the
>requirement for the size of Server response is missing and thus undefined.

Correct. Both sides send arbitrary-length values.

>From 3.1 in the above we have:
>
>   If the server wishes to use the extended randomness feature, it MUST
>   send its own "extended_random" extension with an
>   extended_random_value equal in length to the client's
>   extended_random_value
>
>Additionally, I think some limitation of the size/amount of data that can
>be requested from a server is needed as large sizes could pose an attack on
>a server by exhausting the entropy pool and/or causing server performance
>degradation.

In this proposal, server never "requests" any particular size. The client offers its value in the extended_random extension, and the server offers its value in the reply.

>  Our prototype implementation allows servers to ignore or
>respond with error, depending on configuration, requests from clients that
>are larger than 256 octets.

...which is a good reason why we abandoned the "request a size" semantics.

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
  - From: Michael Gray

References:
- Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
  - From: Michael Gray

Prev by Date: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Next by Date: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Previous by thread: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Next by thread: Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt
Index(es):
- Date
- Thread

Re: [TLS] New draft: draft-solinas-tls-additional-prf-input-00.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.