Bernard Aboba wrote: > The problem is that RFC 2716 specifies the use of TLS-PRF-128. If > TLS v1.2 negotiates a PRF where PRF-64 is not the same as the first > 64 octets of PRF-128 (the IKEv2 PRF is an example of such a PRF), > then RFC 2716bis implementations will not interoperate with RFC 2716 > implementations.
I think this cannot happen in (current drafts of) TLS 1.2. We decided that all PRFs for TLS 1.2 must use the same "API" as the current PRF (arbitrary-length secret/label/seed as input, sufficiently long byte string out). And as far as I can tell, this cannot happen in IKEv2 either: the output bytes are calculated one block at a time, and the "amount of bytes (or blocks) needed" is not used in the calculation. Best regards, Pasi _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
