Owen Friel \(ofriel\) <[email protected]> wrote: ofriel> Dan and I went back and forth on this one. We came up with 3 ofriel> different options here:
> 1. Always use SHA256
> 2. Use a SHA length that depends on the BSK prime key length
> 3. Use a SHA length that matches the target_kdf"
Seems to always be SHA2, right?
I know I read this document a few years ago, but many details are now vague,
despite re-reading section 3. can the choice be deferred until TLS has
chosen a KDF? No, because the ID has to go into the ClientHello, right?
But, maybe SHA256 is good enough to identify the key, even if we can't use it
for other things. We went through this with AuthorityKeyIdentifier and
Subject Key Identifier being SHA1 attached, when really they could be any
agreed upon hash, if they are only calculated once.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Emu mailing list -- [email protected] To unsubscribe send an email to [email protected]
