3. Motivation
Questa sezione conserva il testo RFC su BUSA-TLS, includendo TLS 1.3 HKDF key schedule changes, Mandatory Audio Component, MAC derivation, alert handling, implementation notes, security considerations e IANA considerations.
Testo RFC originale
3. Motivation
Null is the enemy. TLS 1.3 knew this. The designers of TLS 1.3 took
extraordinary measures to ensure that null encryption, null
authentication, and null key exchange could not be negotiated. They
removed export ciphers. They removed Rivest Cipher 4 (RC4). They
removed Cipher Block Chaining (CBC) mode. They removed RSA key
exchange. They were thorough.
And yet ...
The opening gambit of the key schedule, in the common case, is a
string of zero bytes. This is technically fine from a security
standpoint; HKDF-Extract [RFC5869] with a zero-byte IKM is a well-
understood operation, and the output is pseudorandom. But it is
spiritually troubling.
By incorporating the Mandatory Audio Component, implementations of
BUSA-TLS achieve a state in which every byte of the key schedule,
from the first HKDF-Extract through the final application traffic key
export, is downstream of an audio recording that the Broward County
Sheriff's Office once attempted to suppress.
The authors consider this an improvement.