On Thu, Feb 23, 2017 at 8:08 AM, Dr Stephen Henson < li...@drh-consultancy.co.uk> wrote:
> On 09/02/2017 21:17, Eric Rescorla wrote: > > Hi folks, > > > > We need to close on an issue about the size of the > > state in the HelloRetryRequest. Because we continue the transcript > > after HRR, if you want a stateless HRR the server needs to incorporate > > the hash state into the cookie. However, this has two issues: > > > > 1. The "API" for conventional hashes isn't designed to be checkpointed > > at arbitrary points (though PKCS#11 at least does have support > > for this.) > > 2. The state is bigger than you would like b/c you need to store both > > the compression function and the "remainder" of bytes that don't > > fit in [0] > > > > Does the handling of Post-Handshake authentication pose a similar issue? > That is > the need to keep the hash context of the handshake and then append > additional > data to generate or check the CertificateVerify message? > It's a slight inconvenience, but not a real issue because you don't need to send the state over the wire. So you just need a forkable hash implementation, which you needed anyway because of the way the rest of the hashing works. -Ekr > Steve. > -- > Dr Stephen N. Henson. > Core developer of the OpenSSL project: http://www.openssl.org/ > Freelance consultant see: http://www.drh-consultancy.co.uk/ > Email: shen...@drh-consultancy.co.uk, PGP key: via homepage. >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls