
List:       ietf-tls
Subject:    Re: [TLS] TLS Digest, Vol 65, Issue 86
From:       Michael D'Errico <mike-list () pobox ! com>
Date:       2009-12-20 2:49:30
Message-ID: 4B2D90BA.9030003 () pobox ! com

Ravi Ganesan wrote:
> ....  If by renegotiation one means "brand new keying 
> material"  then the abbreviated handshake does not achieve it, as there 
> is no new master_secret.

A renegotiation is a _handshake_ that occurs after the initial handshake.

First, you perform an initial handshake to establish a secure channel.
Then if you ever perform a handshake over this previously-established
secure channel, you are renegotiating.

The initial handshake may be full or abbreviated, and the renegotiation
may be full or abbreviated.  TLS does not require the renegotiation
handshake to be related in any way to the initial handshake (except now
we are adding the Renegotiation_Info extension to prevent man-in-the-middle
attacks).

A full handshake creates a new master secret and an abbreviated handshake
reuses one.  All handshakes generate new keying material based on the
master secret.

Mike
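The distinction Mike draws (a full handshake derives a new master secret, an abbreviated one reuses it, and every handshake derives fresh keying material from the master secret and the two new random values) can be checked directly with the TLS 1.2 PRF from RFC 5246. The following is an added illustration written for this archive page; it is not code from the message or from any TLS implementation, and every premaster secret and ClientHello/ServerHello random below is a constructed placeholder rather than captured traffic. The 40-byte key block length assumes an AES-128-GCM cipher suite (two 16-byte write keys plus two 4-byte implicit nonce salts, no MAC keys).

```python
"""TLS 1.2 master secret and key block derivation (RFC 5246, sections 5, 6.3 and 8.1).

Added example for the renegotiation discussion above; not the author's code and
not taken from any TLS stack. All secrets and randoms are constructed values.
"""
import hashlib
import hmac


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function (RFC 5246 section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret (RFC 5246 section 8.1); randoms are client-first here."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """Key material for the record layer (RFC 5246 section 6.3); randoms are server-first here."""
    return prf(master, b"key expansion", server_random + client_random, length)


# Assumed cipher suite: AES-128-GCM -> 16-byte keys, 4-byte implicit nonce salts, no MAC keys.
KEY_LEN, FIXED_IV_LEN = 16, 4
KEY_BLOCK_LEN = 2 * KEY_LEN + 2 * FIXED_IV_LEN  # 40 bytes


def split_key_block(kb: bytes) -> dict:
    """Partition the key block in the order RFC 5246 section 6.3 prescribes."""
    keys = {}
    pos = 0
    for name, size in (("client_write_key", KEY_LEN), ("server_write_key", KEY_LEN),
                       ("client_write_IV", FIXED_IV_LEN), ("server_write_IV", FIXED_IV_LEN)):
        keys[name] = kb[pos:pos + size]
        pos += size
    return keys


def renegotiation_demo() -> dict:
    """Initial full handshake, then an abbreviated renegotiation, then a full renegotiation."""
    # Constructed 48-byte RSA premaster secret: 2-byte version followed by 46 bytes.
    pms1 = bytes.fromhex("0303") + bytes(range(46))
    cr1, sr1 = bytes([0x11]) * 32, bytes([0x22]) * 32   # constructed hello randoms
    ms1 = master_secret(pms1, cr1, sr1)
    kb1 = key_block(ms1, cr1, sr1, KEY_BLOCK_LEN)

    # Abbreviated renegotiation: session resumed, so the master secret is reused,
    # but the new randoms still yield new keying material.
    cr2, sr2 = bytes([0x33]) * 32, bytes([0x44]) * 32
    ms2 = ms1
    kb2 = key_block(ms2, cr2, sr2, KEY_BLOCK_LEN)

    # Full renegotiation: a new premaster secret gives a new master secret as well.
    pms3 = bytes.fromhex("0303") + bytes(range(46, 92))
    cr3, sr3 = bytes([0x55]) * 32, bytes([0x66]) * 32
    ms3 = master_secret(pms3, cr3, sr3)
    kb3 = key_block(ms3, cr3, sr3, KEY_BLOCK_LEN)

    return {
        "initial_master": ms1, "initial_key_block": kb1,
        "abbrev_master": ms2, "abbrev_key_block": kb2,
        "full_reneg_master": ms3, "full_reneg_key_block": kb3,
    }


if __name__ == "__main__":
    r = renegotiation_demo()
    print("abbreviated reuses master secret:", r["abbrev_master"] == r["initial_master"])
    print("abbreviated yields new key block:", r["abbrev_key_block"] != r["initial_key_block"])
    print("full renegotiation yields new master:", r["full_reneg_master"] != r["initial_master"])
    print("client_write_key:", split_key_block(r["abbrev_key_block"])["client_write_key"].hex())
```

The point the walk-through makes visible is that "new keying material" and "new master secret" are separate properties: the abbreviated case changes the record-layer keys only because the hello randoms change, so whatever an operator expects from renegotiation (key refresh versus a fresh secret from a new key exchange) determines whether session resumption is acceptable for it.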
