On Tue, Sep 13, 2016 at 12:15 PM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> On Tue, Sep 13, 2016 at 12:04:40PM -0500, Benjamin Kaduk wrote: > > > > > > On 09/09/2016 03:19 PM, Ilari Liusvaara wrote: > > > On Fri, Sep 09, 2016 at 02:50:59PM -0500, Benjamin Kaduk wrote: > > > > >> I have a slight (i.e., unjustified) preference for doing > > >> ClientHello-with-block-of-zeros rather than prefix-of-ClientHello. > (Is > > >> there a reason to require this extension to be the last one with > > >> block-of-zeros? Clearly there is for prefix-of-ClientHello.) > > > What about the case where client tries DHE-PSK and gets attempt > > > rejected because of missing group (or because address verification)? > > > 0-RTT is gone yes, but the PSK attempt isn't. > > > > > > What happens to the hash in this case? > > > > > > > > > > I feel like I must be missing something, but I don't really understand > > the question. (Sadly, waiting in the hope that someone else did > > understand and would respond didn't work.) The 0-RTT failed, so the > > full handshake will have an actual Finished message, with a different > > hash calculated (including over the "hello_finished" extension). The > > most plausible way I could interpret the question seems to be asking > > about the lack of Hash(resumption_context) in the 1-RTT Finished, but > > the security properties of that should be the same as for the > > hello_finished, so I'm still puzzled. > > > > Sorry for being dense... > > I mean the following case (perhaps bit misconfigured server): > > Client: ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,. > ..,finished=zot) > Server: HelloRetryRequest(group=24) > Client: ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz, > 24:quux,...,finished=???) > > > What is the finished data calculated over in the second case? > In this case, I believe that the finished is computed over "ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,24:quux,..." But that the handshake transcript is computed over all of: "Client: ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,. ..,finished=zot) Server: HelloRetryRequest(group=24) Client: ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz, 24:quux,...,finished=???)" -Ekr -Ilari > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls