List: ietf-tls
Subject: Re: [TLS] HKDF
From: Watson Ladd <watsonbladd () gmail ! com>
Date: 2015-03-29 18:55:42
Message-ID: CACsn0cm2XCNN9s=tiJznFJTVRkOXdStKwUYBZwDd3My80TGHhQ () mail ! gmail ! com
On Thu, Mar 26, 2015 at 7:55 AM, Michael StJohns <msj@nthpermutation.com> wrote:
> On 3/26/2015 3:24 AM, Ilari Liusvaara wrote:
>>
>> Turns out you can't even implement TLS fully in a design that does not
>> know about TLS,
>
>
> This is true for TLS1.2 and before, mainly because of the master secret
> expansion and the PRF. Everything else is bog standard crypto.
>
>> nor does it seem one can even change TLS so that
>> would be possible (at least without introducing gaping security holes).
>
>
> I don't know that I believe that. TLS is a protocol wrapped around a set of
> cryptographic constructs. There are ways to use standard constructs in TLS
> to build a secure protocol. It will require some surgery on TLS1.2, but I
> think that's well underway.

It depends on what the guarantees of the crypto module are. If you
provide AES-GCM, then you need a mechanism to ensure nonces aren't
repeated, and that won't be generic.

Sincerely,
Watson Ladd
>
> Mike
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
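
Added example, not part of the original message or of any TLS implementation: a sketch of a nonce-uniqueness mechanism in which the module, not the caller, owns the AES-GCM nonce for a key. The class, function and `style` names are hypothetical; the two layouts are the RFC 5288 (TLS 1.2) salt-plus-counter form and the IV-XOR-sequence-number form later specified for TLS 1.3, and the inputs are constructed sample values.

```python
import struct

class NonceExhausted(Exception):
    """The key has used every sequence number; it must be replaced."""

class GcmNonceSequencer:
    """Owns the 96-bit GCM nonce for ONE key so callers cannot pick or reuse it.

    Hypothetical helper. Persisting the counter across restarts is out of scope.
    """
    MAX_SEQ = 2**64 - 1
    IV_LEN = {"tls12": 4, "tls13": 12}  # bytes of per-key IV material

    def __init__(self, fixed_iv: bytes, style: str):
        if style not in self.IV_LEN:
            raise ValueError("style must be 'tls12' or 'tls13'")
        if len(fixed_iv) != self.IV_LEN[style]:
            raise ValueError("wrong IV length for " + style)
        self._iv, self._style, self._seq = bytes(fixed_iv), style, 0

    def next_nonce(self) -> bytes:
        # Fail closed instead of wrapping back to an already-used value.
        if self._seq > self.MAX_SEQ:
            raise NonceExhausted("rekey before sending more records")
        seq = struct.pack(">Q", self._seq)
        self._seq += 1
        if self._style == "tls12":
            # RFC 5288 layout: 4-byte implicit salt || 8-byte explicit part
            # (here the explicit part is the record sequence number).
            return self._iv + seq
        # TLS 1.3 layout: left-pad the sequence number to 12 bytes, XOR with IV.
        padded = b"\x00" * 4 + seq
        return bytes(a ^ b for a, b in zip(self._iv, padded))

def issue(seq: GcmNonceSequencer, count: int) -> list:
    """Draw `count` nonces and confirm none repeats (constructed demo)."""
    nonces = [seq.next_nonce() for _ in range(count)]
    if len(set(nonces)) != count:
        raise AssertionError("nonce repeated")
    return nonces

if __name__ == "__main__":
    # Constructed sample IVs, not real key material.
    for style, iv in (("tls12", b"\x01\x02\x03\x04"), ("tls13", bytes(range(12)))):
        print(style, [n.hex() for n in issue(GcmNonceSequencer(iv, style), 3)])
```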