On Sat, Sep 17, 2016 at 02:43:49PM -0700, Eric Rescorla wrote:
>
> In this case, I believe that the finished is computed over
> "ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,24:quux,..."
>
> But that the handshake transcript is computed over all of:
> "Client: ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,...,finished=zot)
> Server: HelloRetryRequest(group=24)
> Client: ClientHello(groups=23,24,29;PSK=foo;shares=23:bar,29:baz,24:quux,...,finished=???)"

Well, either way, I think there should be a note about how those hashes behave with retries. Also, has that extension been added as an exception to the rule that extensions must remain the same across retry (since it can change)? I don't see that being added to such list of exceptions.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls