On 04/24/2017 06:21 PM, Eric Rescorla wrote:
> Based on Ilari's comments, it seems like we just lost 9 bytes, and the
> TLS 1.3, label was 9 bytes, so these cancel each other out and we have
> a total of 18 bytes to work with, including the label.
>
> Hence, the following proposal for the complete label, where the
> longest string is 18 bytes.
>
> 16 tls13 ext binder    # was external psk binder key
> 16 tls13 res binder    # was resumption psk binder key
> 17 tls13 c e traffic   # was client early traffic secret
> 18 tls13 e exp master  # was early exporter master secret
> 18 tls13 c hs traffic  # was client handshake traffic secret
> 18 tls13 s hs traffic  # was server handshake traffic secret
> 18 tls13 c ap traffic  # was client application traffic secret
> 18 tls13 s ap traffic  # was server application traffic secret
> 16 tls13 exp master    # was exporter master secret
> 16 tls13 res master    # was resumption master secret
>  9 tls13 key           # was key
>  8 tls13 iv            # was iv
> 14 tls13 finished      # was finished
> 17 tls13 traffic upd   # was application traffic secret
> 14 tls13 exporter      # was exporter
> 13 tls13 derived       # was derived
>
> Further bikeshedding?

I had something more olive-ish puce in mind ... but this is fine; ship it.

-Ben

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls