Yes, that is correct.

On Tue, Jan 2, 2018 at 9:06 AM, Short, Todd <tsh...@akamai.com> wrote:
> Question on Post-Handshake Authentication (PHA):
>
> PHA can occur multiple times over a connection. The description for the
> "Handshake Context" is as follows (4.4):
>
> +-----------+----------------------------+--------------------------+
> | Post-     | ClientHello ... client     | client_application_traff |
> | Handshake | Finished +                 | ic_secret_N              |
> |           | CertificateRequest         |                          |
> +-----------+----------------------------+--------------------------+
>
> Now, PHA consists of:
>
> S>C: CertificateRequest
>
> followed by:
>
> C>S: Certificate+CertificateVerify+client Finished
>
> This could be interpreted to mean that these PHA messages are included in
> the Handshake Context. However, Section 4.4.1 states:
>
>    For concreteness, the transcript hash is always taken from the
>    following sequence of handshake messages, starting at the first
>    ClientHello and including only those messages that were sent:
>    ClientHello, HelloRetryRequest, ClientHello, ServerHello,
>    EncryptedExtensions, server CertificateRequest, server Certificate,
>    server CertificateVerify, server Finished, EndOfEarlyData, client
>    Certificate, client CertificateVerify, client Finished.
>
> I want to confirm that the PHA handshake context consists only of the
> messages listed in section 4.4.1 from the initial handshake, and does not
> include any of the messages from intermediate PHA exchanges.
>
> Thank you,
>
> --
> -Todd Short
> // tsh...@akamai.com
> // "One if by land, two if by sea, three if by the Internet."
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
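The following Python is an added illustration of the point confirmed in this thread; it is not code from the thread or from any TLS implementation. It models the post-handshake Handshake Context of RFC 8446 Section 4.4 as the main-handshake messages plus the current CertificateRequest only, derives the Finished key with HKDF-Expand-Label from Section 7.1, and contrasts that with a (wrong) single running transcript that also absorbs earlier PHA exchanges. Assumptions: opaque byte strings stand in for the serialised handshake messages, SHA-256 is the negotiated hash, and the constant APP_SECRET stands in for client_application_traffic_secret_N; all sample messages and rounds are constructed.

```python
import hashlib
import hmac
import struct

HASH = "sha256"                                   # assumed negotiated hash
HASH_LEN = hashlib.new(HASH).digest_size

# Constructed stand-ins for the serialised main-handshake messages, in the
# order Section 4.4.1 lists them (no HelloRetryRequest or EndOfEarlyData here).
MAIN_HANDSHAKE = [
    b"ClientHello", b"ServerHello", b"EncryptedExtensions",
    b"server Certificate", b"server CertificateVerify", b"server Finished",
    b"client Finished",
]


def transcript_hash(messages):
    """Transcript-Hash(M1, M2, ...) = Hash(M1 || M2 || ...)  (Section 4.4.1)."""
    h = hashlib.new(HASH)
    for m in messages:
        h.update(m)
    return h.digest()


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (Section 7.1) with HKDF-Expand written out inline."""
    label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length) + bytes([len(label)]) + label
                  + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + hkdf_label + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def pha_context(certificate_request):
    """Handshake Context for post-handshake authentication (Section 4.4 table):
    ClientHello ... client Finished + CertificateRequest.  Messages from
    earlier post-handshake exchanges are deliberately not part of it."""
    return MAIN_HANDSHAKE + [certificate_request]


def pha_certificate_verify_hash(certificate_request, client_certificate):
    """Transcript hash the client signs in a post-handshake CertificateVerify
    (Section 4.4.3): Transcript-Hash(Handshake Context, Certificate)."""
    return transcript_hash(pha_context(certificate_request) + [client_certificate])


def pha_finished_verify_data(base_key, certificate_request, client_certificate,
                             certificate_verify):
    """verify_data of the client Finished that ends a post-handshake exchange
    (Section 4.4.4).  base_key is client_application_traffic_secret_N."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH_LEN)
    th = transcript_hash(pha_context(certificate_request)
                         + [client_certificate, certificate_verify])
    return hmac.new(finished_key, th, HASH).digest()


def naive_running_verify_data(base_key, prior_rounds, certificate_request,
                              client_certificate, certificate_verify):
    """The misreading the question describes: one running transcript that also
    absorbs every earlier PHA exchange.  Shown only to demonstrate divergence."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH_LEN)
    msgs = list(MAIN_HANDSHAKE)
    for cr, cert, cv in prior_rounds:
        msgs += [cr, cert, cv]
    th = transcript_hash(msgs + [certificate_request, client_certificate,
                                 certificate_verify])
    return hmac.new(finished_key, th, HASH).digest()


# Constructed sample data for two consecutive PHA exchanges on one connection.
ROUND_1 = (b"CertificateRequest#1", b"client Certificate#1", b"client CertificateVerify#1")
ROUND_2 = (b"CertificateRequest#2", b"client Certificate#2", b"client CertificateVerify#2")
APP_SECRET = b"\x11" * HASH_LEN   # stand-in for client_application_traffic_secret_N


def demo():
    """True when the per-exchange context and the running transcript disagree
    on round 2, i.e. a peer that kept round 1 in its transcript would reject
    a correctly built round-2 Finished."""
    correct = pha_finished_verify_data(APP_SECRET, *ROUND_2)
    naive = naive_running_verify_data(APP_SECRET, [ROUND_1], *ROUND_2)
    return correct != naive


if __name__ == "__main__":
    print("independent PHA contexts differ from a running transcript:", demo())
```

In an implementation this is the reason to snapshot the transcript hash state at the end of the main handshake and fork a fresh copy for each CertificateRequest, rather than continuing to feed post-handshake messages into the one running hash.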