On Sep 1, 2017 3:14 PM, "Daniel Franke" <[email protected]> wrote:
So actually, I just took another close look at 5705 and at the history of the TLS RFCs, and I think the Right Thing is already unambiguous. RFC 5705 says to apply "TLS Pseudorandom Function in use for the session". The TLS PRF has already changed incompatibly in past TLS versions. In TLS 1.2, it's part of the ciphersuite's specification. In 1.1 and prior, it was fixed, and based on an XOR of MD5 and SHA1. So any correct RFC 5705 implementation is already taking protocol version into account and choosing what function to apply accordingly.

Ok, I'm satisfied. I just checked the relevant text in the TLS 1.3 draft, and it looks like it would be unambiguous here:

q(
[RFC5705] defines keying material exporters for TLS in terms of the TLS pseudorandom function (PRF). This document replaces the PRF with HKDF, thus requiring a new construction. The exporter interface remains the same.
)

Kyle
_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc
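The version-dependent PRF selection discussed in this thread, as an added example that is not part of the original messages or of any TLS library: an RFC 5705 exporter that picks the PRF from the negotiated protocol version. The function names, the `(major, minor)` version tuples and the `prf_hash` parameter are assumptions made for illustration.

```python
import hmac
import struct

def p_hash(hash_name, secret, seed, length):
    """P_hash data expansion (RFC 2246 / RFC 5246, section 5)."""
    out, a = b"", seed                          # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()             # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def tls_prf(version, secret, label, seed, length, prf_hash="sha256"):
    """Return PRF output for the session's protocol version (major, minor)."""
    if version >= (3, 4):
        # TLS 1.3 replaces the PRF with HKDF; that construction is not shown.
        raise ValueError("TLS 1.3 exporters use HKDF, not the TLS PRF")
    if version == (3, 3):
        # TLS 1.2: the hash comes from the negotiated ciphersuite.
        return p_hash(prf_hash, secret, label + seed, length)
    if version in ((3, 1), (3, 2)):
        # TLS 1.0/1.1: fixed PRF, P_MD5 over the first half of the secret
        # XOR P_SHA-1 over the second half (halves share a byte if odd).
        half = (len(secret) + 1) // 2
        md5 = p_hash("md5", secret[:half], label + seed, length)
        sha1 = p_hash("sha1", secret[len(secret) - half:], label + seed, length)
        return bytes(x ^ y for x, y in zip(md5, sha1))
    raise ValueError("unsupported protocol version")

def export_keying_material(version, master_secret, client_random,
                           server_random, label, length,
                           context=None, prf_hash="sha256"):
    """RFC 5705 exporter: PRF(master_secret, label, randoms [+ context])."""
    seed = client_random + server_random
    if context is not None:
        # An empty context is still encoded, so it differs from no context.
        seed += struct.pack("!H", len(context)) + context
    return tls_prf(version, master_secret, label, seed, length, prf_hash)

# Constructed sample session values, not taken from any real handshake.
MS = bytes(range(48))
CR, SR = b"\x01" * 32, b"\x02" * 32
LABEL = b"EXPORTER-example-label"   # constructed label

if __name__ == "__main__":
    for v in ((3, 2), (3, 3)):
        print(v, export_keying_material(v, MS, CR, SR, LABEL, 32).hex())
```

Two peers that disagree on which branch applies derive different keying material from the same master secret, which is why the exporter has to follow the negotiated version rather than a fixed function.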
