Security Basics mailing list archives
Re: TLS Session Resumption
From: shailesh.sf () gmail com
Date: Mon, 15 Jun 2009 12:34:26 -0600
Marc,

I am assuming that the checksum you are referring to is the hash that is to be sent by the client to the server during session resumption and/or a new connection initiation.

In a Simple TLS Handshake, the hash is to be computed over the Master Secret Key and all the prior Handshake Messages to prove to the server that (1) the client is aware of the Master Secret Key K and (2) there was no tampering of the handshake messages.

In TLS Session Resumption, the hash is computed over all prior Handshake Messages between the client and the server. The Master Secret Key K is not to be included while computing the hash. I am unsure whether the 'session_id' is included in the hash computation. And it goes without saying that the client ought to know the Master Secret Key that is shared with the server before Session Resumption attempts are even contemplated.

You might also want to check for the Constant ASCII String that the client and server need to include in the hash to ensure that the hash messages originating from either of them can be identified uniquely. The ASCII constants in TLS are 'client finished' for the client and 'server finished' for the server.

Hope this helps.

Regards,
Shailesh
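The Finished check discussed in this thread, computed the way RFC 5246 defines it for TLS 1.2 and applied to an abbreviated (resumed) handshake. This is an added example, not part of the original message; the master secret, session ID and hello bodies are constructed placeholders rather than wire-format messages.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def verify_data(master_secret: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """Finished.verify_data = PRF(master_secret, label, Hash(handshake_messages))[0..11]."""
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return p_sha256(master_secret, label + transcript_hash, 12)

def finished_ok(master_secret: bytes, label: bytes,
                handshake_messages: bytes, received: bytes) -> bool:
    """Recompute the peer's verify_data and compare in constant time."""
    expected = verify_data(master_secret, label, handshake_messages)
    return hmac.compare_digest(expected, received)

# Constructed sample values (assumptions for illustration only).
MASTER_SECRET = bytes(range(48))            # cached from the original session
SESSION_ID = bytes.fromhex("aa" * 32)       # carried inside both hello messages
CLIENT_HELLO = b"\x01client_hello|" + SESSION_ID
SERVER_HELLO = b"\x02server_hello|" + SESSION_ID

def abbreviated_handshake():
    """In a resumed handshake the server sends its Finished first."""
    transcript = CLIENT_HELLO + SERVER_HELLO
    server_fin = verify_data(MASTER_SECRET, b"server finished", transcript)
    # The server's Finished (handshake type 20, length 12) joins the transcript
    # before the client computes its own verify_data.
    transcript += b"\x14\x00\x00\x0c" + server_fin
    client_fin = verify_data(MASTER_SECRET, b"client finished", transcript)
    return server_fin, client_fin

if __name__ == "__main__":
    s, c = abbreviated_handshake()
    print("server finished:", s.hex())
    print("client finished:", c.hex())
```
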
Current thread:
- TLS Session Resumption Marc-André Laverdière (Jun 12)
- Re: TLS Session Resumption Jeffrey Walton (Jun 15)
- Re: TLS Session Resumption Marc-Andre Laverdiere (Jun 15)
- <Possible follow-ups>
- Re: TLS Session Resumption shailesh . sf (Jun 15)
- Re: TLS Session Resumption Jeffrey Walton (Jun 15)
