
List:       ietf-tls
Subject:    Re: [TLS] [kitten] RFC 5929 tls-unique clarification?
From:       Dave Cridland <dave () cridland ! net>
Date:       2010-11-09 11:22:19
Message-ID: 2850.1289301739.381983 () puncture

On Tue Nov  9 11:11:03 2010, Simon Josefsson wrote:
> Martin Rex <mrex@sap.com> writes:
> 
> > Michael D'Errico wrote:
> >>
> >> Martin Rex wrote:
> >> >
> >> > rfc5929 clearly says "Finished struct", which differs from the
> >> > verify_data as used by rfc5246 (TLS extension RI) in that
> >> > it WILL include the length field of the verify_data opaque vector.
> >>
> >> A Finished message does not have a length byte, even in TLS 1.2.  Square
> >> brackets in the definition mean the data is a fixed size.  TLS 1.2 does
> >> allow a cipher suite to change the size of the verify_data to something
> >> other than 12, but that does not mean a length byte is included in the
> >> Finished message.  Angle brackets would have been used in the definition
> >> if that were the case.
> >
> > *Blush*.
> >
> > OK, thanks for the guidance.
> 
> Interop testing of the tls-unique CB would still be useful, I believe.
> Is anyone interested in this?

Yes, I've a client that should, in principle, do this.

If you run up a server running IMAP, SMTP, ACAP, or XMPP, I can talk those.

(I would warn I'm quite busy, so there's no point in rushing.)

Dave.
-- 
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
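
The encoding point settled in the quoted exchange, shown as an added example that is not part of the thread or of any poster's code: a fixed-size `opaque x[n]` vector goes on the wire with no length prefix, an `opaque x<a..b>` vector carries one, so the Finished struct used for tls-unique is exactly the verify_data bytes. Function names and the sample verify_data are constructed for illustration.

```python
FINISHED = 20  # HandshakeType.finished in RFC 5246


def encode_fixed(data: bytes, size: int) -> bytes:
    """opaque x[size]: fixed-length vector, written with no length prefix."""
    if len(data) != size:
        raise ValueError("fixed-length vector must be exactly %d bytes" % size)
    return data


def encode_variable(data: bytes, floor: int, ceiling: int) -> bytes:
    """opaque x<floor..ceiling>: length field sized to hold ceiling, then data."""
    if not floor <= len(data) <= ceiling:
        raise ValueError("length outside the declared range")
    width = max(1, (ceiling.bit_length() + 7) // 8)
    return len(data).to_bytes(width, "big") + data


def build_finished(verify_data: bytes) -> bytes:
    """Handshake framing: msg_type (1 byte), uint24 length, Finished struct."""
    body = encode_fixed(verify_data, len(verify_data))
    return bytes([FINISHED]) + len(body).to_bytes(3, "big") + body


def finished_struct(handshake_msg: bytes) -> bytes:
    """Strip the Handshake header and return the Finished struct itself.

    For the first Finished message sent on a connection, these bytes are
    the tls-unique channel binding; no length byte is part of them.
    """
    if len(handshake_msg) < 4:
        raise ValueError("truncated handshake header")
    if handshake_msg[0] != FINISHED:
        raise ValueError("not a Finished message")
    declared = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:]
    if len(body) != declared:
        raise ValueError("handshake length does not match body")
    return body


# Constructed sample: 12 arbitrary bytes standing in for a real verify_data.
SAMPLE_VERIFY_DATA = bytes(range(0xA0, 0xAC))

if __name__ == "__main__":
    msg = build_finished(SAMPLE_VERIFY_DATA)
    print("Finished struct :", finished_struct(msg).hex())
    print("if it were <..> :", encode_variable(SAMPLE_VERIFY_DATA, 0, 255).hex())
```

Two endpoints that disagree on this (one hashing 12 bytes, the other 13 with a leading `0c`) would compute different channel bindings, which is the kind of mismatch interop testing would surface.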
