On 09/02/2017 21:17, Eric Rescorla wrote:
> Hi folks,
>
> We need to close on an issue about the size of the
> state in the HelloRetryRequest. Because we continue the transcript
> after HRR, if you want a stateless HRR the server needs to incorporate
> the hash state into the cookie. However, this has two issues:
>
> 1. The "API" for conventional hashes isn't designed to be checkpointed
>    at arbitrary points (though PKCS#11 at least does have support
>    for this.)
> 2. The state is bigger than you would like b/c you need to store both
>    the compression function and the "remainder" of bytes that don't
>    fit in [0]
>
Does the handling of Post-Handshake authentication pose a similar issue? That
is the need to keep the hash context of the handshake and then append
additional data to generate or check the CertificateVerify message?

Steve.
-- 
Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shen...@drh-consultancy.co.uk, PGP key: via homepage.