[TLS] Re: Security Concern in TLS 1.3 and OpenSSL Implementation

Thu, 20 Nov 2025 02:41:40 -0800 

Hi Hosnieh,

On 20.11.25 10:48, H.Rafiee wrote:



Before making any judgments, I kindly ask that you review my earlier 
messages where I shared the exact key names I was concerned about.



Each one of your emails has problems in key names that I have 
highlighted in responses to each email, e.g., [0,1].



You were repeatedly referred to [2] to understand how the key schedule 
in TLS 1.3 works. I haven't seen any evidence in the interaction that 
you have even skimmed that. For example, the very first figure there 
clearly shows PSK and Main Secret as two separate keys, and you were 
until your last email still colluding PSK and Main Secret.



My intention was only to raise a valid security concern regarding a 
possible attack.



Calling it "valid" without proper justification is just illogical to me. 
I (and Thom) have tried to clarify you that your concern is not valid, 
rather a misunderstanding of the key schedule and the guarantees that 
PSK-based handshake provides.



Unfortunately, instead of addressing it in detail, it was treated as 
if I were spamming.



How much more "detail" do you expect than [0,1] for example? You were 
referred to [2] which has full details of key schedule. I am curious to 
know which "detail" is missing in [2].


I regret that our communication has left me feeling disappointed.


There is nothing to be disappointed. You were welcomed in [1] to submit 
an Internet-Draft with a better proposal for key schedule that the WG 
can then discuss.



I had hoped for more openness to different perspectives, but I 
understand your approach.



Same as above.

-Usama

[0] https://mailarchive.ietf.org/arch/msg/tls/17zIQeq9mE0TUXQip1OSTg_l_pg/

[1] https://mailarchive.ietf.org/arch/msg/tls/A3cljbCAYzBPk7vE2qm-iyxi14M/


[2] 
https://www.researchgate.net/publication/396245726_Perspicuity_of_Attestation_Mechanisms_in_Confidential_Computing_Validation_of_TLS_13_Key_Schedule





Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]























					Reply via email to