Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:

To: mrex at sap.com
Subject: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
From: Simon Josefsson <simon at josefsson.org>
Date: Mon, 02 Nov 2009 16:55:48 +0100
Cc: channel-binding at ietf.org, sasl at ietf.org, Nicolas Williams <Nicolas.Williams at sun.com>, tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <200911021459.nA2Exi67028763 at fs4113.wdf.sap.corp> (Martin Rex's message of "Mon, 2 Nov 2009 15:59:44 +0100 (MET)")
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <20091030223647.GO1105 at Sun.COM> <200911021459.nA2Exi67028763 at fs4113.wdf.sap.corp>
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Martin Rex <Martin.Rex at sap.com> writes:

> It might be easier to _NOT_ key on the finished message, but on the
> master secret instead.

That was my conclusion as well, hence
http://tools.ietf.org/html/draft-josefsson-sasl-tls-cb-00
which uses the TLS PRF interface.

For -02 I also added hashing the Finished message, to match the
semantics for connection/session (regardless of its definition) of
draft-altman-tls-channel-bindings, but I'd prefer to avoid it
completely.

/Simon

Follow-Ups:
- Re: [TLS] [CHANNEL-BINDING] RESOLVED (Re: [sasl] lasgt call comments (st Call:
  - From: Nicolas Williams
- Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
  - From: Martin Rex

References:
- [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard))
  - From: Nicolas Williams
- Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
  - From: Martin Rex

Prev by Date: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
Next by Date: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
Previous by thread: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
Next by thread: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
Index(es):
- Date
- Thread

Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.