On Sat, Sep 17, 2016 at 02:43:49PM -0700, Eric Rescorla wrote:
> In this case, I believe that the finished is computed over
> "ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,24:quux,..."
> But that the handshake transcript is computed over all of:
> "Client: ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,
> ...,finished=zot)
> Server: HelloRetryRequest(group=24)
> Client: ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,
> 24:quux,...,finished=???)"

Well, either way, I think there should be a note about how those
hashes behave with retries.

Also, has that extension been added as an exception to the rule that
extensions must remain the same across retry (since it can change)?
I don't see that being added to such list of exceptions.


TLS mailing list