Subject: Re: [pkcs11] Groups - TLS 1.2 mechanisms uploaded
Bob,

I read the Working Draft 02 (dated 5 July 2013) of your proposal for TLS 1.2 mechanisms. Here are my review comments.

1. It is a simple extension of the four current CKM_TLS_xxx mechanisms, so I am confident that they can be implemented. (CKM_TLS_PRE_MASTER_KEY_GEN does not need to be extended for TLS 1.2 because it doesn't depend on the TLS PRF.)

2. You use a CK_MECHANISM_TYPE field to specify the hash function for the TLS P_hash function (a component of the TLS PRF). A theoretical problem is that a hash function may have parameters, so it would be more general to use a CK_MECHANISM structure to specify the hash function. Of course, this could be overkill in practice.

   Nit: I recommend adding the CK_MECHANISM_TYPE field to the beginning of the various mechanism parameter structures.

3. Remove the "CK_BBOOL bIsExport" field. The export cipher suites have been removed in TLS 1.1.

The rest are corrections of typographical errors.

4. In the first paragraph of section 1.1, "TLS mechanism" should be changed to "TLS mechanisms" (plural) or perhaps "TLS 1.0 and 1.1 mechanisms".

5. In the first paragraph of section 1.1, the last sentence is incorrect and should be removed:

       Specifiying CKM_SHA1 for the hash will produce the same results as the standard TLS mechanism.

   In TLS 1.0 and 1.1, an XOR of P_MD5 and P_SHA-1 is used to form the PRF.

   Note: Spelling error: "Specifiying" => "Specifying"

6. In the table in section 1.1, the "Derive" function should be checked for the CKM_TLS_PRF mechanism.

7. In section 1.1.1, the second occurrence of "CKM_TLS12_MASTER_KEY_DERIVE" should be "CKM_TLS12_MASTER_KEY_DERIVE_DH".

8. Search for "_TLS_" globally in your document. Many of the occurrences should be changed to "_TLS12_".

Wan-Teh Chang