W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

Re: Merged Transport Layer Protocol Development

From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 29 Apr 1996 23:18:37 -0700
Message-Id: <3185B0BD.1018@netscape.com>
To: Dan Simon <dansimon@microsoft.com>
Cc: ietf-tls <ietf-tls@w3.org>
Dan Simon wrote:
> In short, I see absolutely no reason for treating the "handshake hash"
> any differently from other MACs; both must be secure under the normal
> definition of a MAC.  And the MAC method used in the SSL v3.0 "handshake
> hash" has that property, as long as the underlying hash function
> (whether MD5, SHA or a combination thereof) is collision-intractable.
> The same can be said of the method used for general message
> authentication in PCT.

  I think you misunderstand the purpose of using both MD5 and SHA for
the handshake hash.  If SHA were compromised we could just deprecate
all cipher suites that included SHA, without having to immediately
change the base protocol, since the handshake hash includes MD5 as
well.  If the handshake hash were just SHA, then we would have to change
the protocol if it fell.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Received on Tuesday, 30 April 1996 02:22:00 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:48 EDT