-----Original Message----- From: Michael Richardson <[email protected]> Sent: Thursday 28 August 2025 22:00 To: Owen Friel (ofriel) <[email protected]>; [email protected]; [email protected] Subject: Re: [Emu] Re: draft-ietf-emu-bootstrapped-tls-08 ietf last call Artart review
Owen Friel \(ofriel\) <[email protected]> wrote: ofriel> Dan and I went back and forth on this one. We came up with 3 ofriel> different options here: > 1. Always use SHA256 > 2. Use a SHA length that depends on the BSK prime key length > 3. Use a SHA length that matches the target_kdf" Seems to always be SHA2, right? I know I read this document a few years ago, but many details are now vague, despite re-reading section 3. can the choice be deferred until TLS has chosen a KDF? No, because the ID has to go into the ClientHello, right? [ofriel] It could match the target_kdf. We use RFC9258 which allows for multiple importedIdentity values, and each value specifies the target_kdf, so we *could* pick a hash that aligns with the target_kdf. Our draft states: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-08#section-3.1 "The EPSK and ImportedIdentity are used in the TLS handshake as specified in [RFC9258]. Multiple ImportedIdentity values may be imported as per [RFC9258] section 5.1. The target_kdf follows [RFC9258] and aligns with the cipher suite hash algorithms advertised in the TLS 1.3 handshake between the device and the server." And https://datatracker.ietf.org/doc/html/rfc9258#name-iana-considerations defines the mappings. So, we could include multiple different BSK-derived external_identity values, one for each kdf/hash. We did get some other feedback at the time when we were debating this (back in January) pointing us to: https://www.imperialviolet.org/2016/05/16/agility.html and recommending sticking with SHA256 and avoiding adding extra options. Hence, we are good with sticking to SHA256 unless anyone strongly feels otherwise. _______________________________________________ Emu mailing list -- [email protected] To unsubscribe send an email to [email protected]
