List: ietf-tls
Subject: Re: [TLS] [kitten] RFC 5929 tls-unique clarification?
From: Dave Cridland <dave () cridland ! net>
Date: 2010-11-09 11:22:19
Message-ID: 2850.1289301739.381983 () puncture
On Tue Nov 9 11:11:03 2010, Simon Josefsson wrote:
> Martin Rex <mrex@sap.com> writes:
>
> > Michael D'Errico wrote:
> >>
> >> Martin Rex wrote:
> >> >
> >> > rfc5929 clearly says "Finished struct", which differs from the
> >> > verify_data as used by rfc5246 (TLS extension RI) in that
> >> > it WILL include the length field of the verify_data opaque vector.
> >>
> >> A Finished message does not have a length byte, even in TLS 1.2. Square
> >> brackets in the definition mean the data is a fixed size. TLS 1.2 does
> >> allow a cipher suite to change the size of the verify_data to something
> >> other than 12, but that does not mean a length byte is included in the
> >> Finished message. Angle brackets would have been used in the definition
> >> if that were the case.
> >
> > *Blush*.
> >
> > OK, thanks for the guidance.
>
> Interop testing of the tls-unique CB would still be useful, I believe.
> Is anyone interested in this?
Yes, I've a client that should, in principle, do this.
If you run up a server running IMAP, SMTP, ACAP, or XMPP, I can talk
those.
(I would warn I'm quite busy, so there's no point in rushing.)
Dave.
--
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
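
The encoding point from the quoted discussion, as an added example that is not part of the original message or of any implementation mentioned in the thread: a fixed-size (square-bracket) vector is serialized with no length prefix, an angle-bracket vector carries one, and the body of a Finished handshake message is therefore exactly the verify_data bytes. The function names and the sample bytes are constructed for illustration; the handshake header layout (1-byte type, 3-byte length) and the Finished type value 20 follow RFC 5246.

```python
FINISHED = 20  # HandshakeType.finished in RFC 5246


def encode_fixed(data: bytes, size: int) -> bytes:
    """opaque x[size]: square brackets, fixed size, no length prefix."""
    if len(data) != size:
        raise ValueError("fixed-size vector must be exactly %d bytes" % size)
    return data


def encode_variable(data: bytes, max_len: int) -> bytes:
    """opaque x<0..max_len>: angle brackets, prefix wide enough for max_len."""
    if len(data) > max_len:
        raise ValueError("vector longer than its declared maximum")
    prefix_len = max(1, (max_len.bit_length() + 7) // 8)
    return len(data).to_bytes(prefix_len, "big") + data


def build_finished(verify_data: bytes) -> bytes:
    """Handshake header (type + uint24 length) followed by the Finished struct."""
    body = encode_fixed(verify_data, len(verify_data))
    return bytes([FINISHED]) + len(body).to_bytes(3, "big") + body


def parse_finished(msg: bytes) -> bytes:
    """Return the Finished struct; the whole body is verify_data."""
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    msg_type, length = msg[0], int.from_bytes(msg[1:4], "big")
    if msg_type != FINISHED:
        raise ValueError("not a Finished message")
    body = msg[4:]
    if len(body) != length:
        raise ValueError("handshake length does not match body")
    return body


# Constructed sample: 12 bytes standing in for a real verify_data value.
SAMPLE_VERIFY_DATA = bytes(range(12))

if __name__ == "__main__":
    msg = build_finished(SAMPLE_VERIFY_DATA)
    print("Finished message:", msg.hex())
    print("Finished struct :", parse_finished(msg).hex())
    # What the bytes would look like if verify_data were declared with <>.
    print("as opaque<0..255>:", encode_variable(SAMPLE_VERIFY_DATA, 255).hex())
```

Two endpoints that disagree on this would compute channel bindings of different lengths (12 versus 13 bytes for the sample), which is the kind of mismatch interop testing would surface.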