I apologize if this topic was previously discussed; I've only recently
joined the TLS mailer list. While reviewing the TLS 1.3 draft (revision
10), section 7 begins with the following wording:

   In order to begin connection protection, the TLS Record Protocol
   requires specification of a suite of algorithms, a master secret, and
   the client and server random values.

However, when reading through all of section 7, there appears to be no
explicit use for the client and server random values. While these
values would be used implicitly when the handshake messages are hashed,
and thus have bearing on the key schedule calculation, there appears to
be no explicit use of the client and server random values similar to
section 6.3 in the TLS 1.2 spec.

Am I interpreting this properly? If the client and server random values
are no longer explicitly used in any key derivation logic, maybe this
should be noted in section 6.3.1, as implementors will no longer need to
parse these values when processing incoming messages. Additionally, the
intro to section 7 is misleading to implementors, as it implies the
client and server random values are needed to derive the key schedule.

The following issue and PR appear to be related to my question:

https://github.com/tlswg/tls13-spec/issues/185
https://github.com/tlswg/tls13-spec/pull/189
_______________________________________________
TLS mailing list
https://www.ietf.org/mailman/listinfo/tls
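
The distinction the message above draws, as an added example that is not part of the original post or of either specification: the TLS 1.2 key expansion (RFC 5246, section 6.3) takes the two random values as an explicit PRF seed, while a hash-bound derivation only sees them through the hash of the handshake messages. The hello() stand-in, the label "example label", the info layout and all sample values are assumptions made for illustration, not the draft's wire format or key schedule.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """TLS 1.2 P_hash with SHA-256 (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()        # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def tls12_key_block(master_secret, client_random, server_random, length=32):
    # Explicit use: the caller must have parsed both randoms out of the hellos.
    seed = b"key expansion" + server_random + client_random
    return p_sha256(master_secret, seed, length)

def hkdf_expand(prk, info, length):
    """HKDF-Expand with SHA-256 (RFC 5869)."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        out += t
        counter += 1
    return out[:length]

def hello(random):
    # Constructed stand-in for a hello message, not the real encoding.
    return b"\x00\x01" + random

def hash_bound_key(secret, handshake_messages, length=32):
    # Implicit use: the derivation sees only opaque handshake bytes; the
    # randoms influence the output solely through the transcript hash.
    handshake_hash = hashlib.sha256(b"".join(handshake_messages)).digest()
    # Assumed info layout for illustration only.
    return hkdf_expand(secret, b"example label\x00" + handshake_hash, length)

# Constructed sample values.
SECRET = bytes([0xAB]) * 32
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
ALTERED_CLIENT_RANDOM = bytes([0xFF]) + CLIENT_RANDOM[1:]

if __name__ == "__main__":
    for cr in (CLIENT_RANDOM, ALTERED_CLIENT_RANDOM):
        print(tls12_key_block(SECRET, cr, SERVER_RANDOM).hex())
        print(hash_bound_key(SECRET, [hello(cr), hello(SERVER_RANDOM)]).hex())
```

In both constructions a one-byte change in the client random yields a different key, but only tls12_key_block needs the random values as separate inputs.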