List:       ietf-tls
Subject:    Re: [TLS] RFC 5929 tls-unique clarification?
From:       Simon Josefsson <simon@josefsson.org>
Date:       2010-11-06 9:46:49
Message-ID: 8739revl6e.fsf@latte.josefsson.org

Martin Rex <mrex@sap.com> writes:

> rfc5929 clearly says "Finished struct", which differs from the
> verify_data as used by rfc5246 (TLS extension RI) in that
> it WILL include the length field of the verify_data opaque vector.
>
> If there had been any mentioning of the CB sizes for tls-unique, similar
> to rfc5746 (12 octets for TLSv1.x and existing cipher suites,
> 36 octets for SSLv3), then I would not be wondering whether this
> spec really means what it says.
>
> What size does your tls-unique CB have for TLSv1.x?  12 or 13 octets?

Sigh.  I used 12 octets, but your interpretation suggests 13 octets even
though that is silly.  My new API is not in any stable GnuTLS release,
so there is still time to fix it.

Was anyone able to interop test against the Microsoft implementation
that was the justification to change the definition?

I'd love to do interop testing with someone else, to feel more confident
in the output.  I do support both TLSv1 and SSLv3 Finished messages, but
I'm stripping the initial length octet.  I'll change that if there is
consensus on the interpretation.

/Simon
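As an added illustration (not code from either message, nor from GnuTLS), the following Python derives a TLS 1.2 Finished verify_data per RFC 5246 from a constructed master secret and handshake transcript, and then builds the two candidate tls-unique encodings the thread is arguing about: the bare 12-octet verify_data versus a length-prefixed 13-octet vector. The hypothetical helper names and the sample inputs are assumptions for the demonstration.

```python
import hashlib
import hmac

# Constructed sample inputs, not values from any real session: a 48-octet
# master secret and a byte string standing in for the concatenated
# handshake messages up to (but not including) the Finished message.
MASTER_SECRET = bytes(range(48))
HANDSHAKE_MESSAGES = b"ClientHello|ServerHello|Certificate|ClientKeyExchange (constructed)"


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 section 5: P_SHA256(secret, seed) expanded to `length` octets."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def verify_data(master_secret: bytes, handshake_messages: bytes,
                label: bytes = b"client finished") -> bytes:
    """RFC 5246 section 7.4.9: PRF(master_secret, finished_label,
    Hash(handshake_messages)) truncated to verify_data_length, which is
    12 octets for the cipher suites defined in RFC 5246."""
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return prf(master_secret, label, transcript_hash, 12)


def tls_unique_candidates(vd: bytes) -> dict:
    """The two readings of RFC 5929 discussed above: the bare verify_data
    (12 octets, matching RFC 5746's description) and a one-octet
    length-prefixed vector (13 octets). Interop partners must agree on one."""
    return {
        "verify_data": vd,
        "length_prefixed": bytes([len(vd)]) + vd,
    }


if __name__ == "__main__":
    vd = verify_data(MASTER_SECRET, HANDSHAKE_MESSAGES)
    for name, cb in tls_unique_candidates(vd).items():
        print(f"{name}: {len(cb)} octets {cb.hex()}")
```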
