If you don’t care about FIPS-140, just delete this message, and avoid the 
temptation to argue how bad it is.

NIST SP 800-56C (Recommendation for Key-Derivation Methods in Key-Establishment 
Schemes) is currently a draft in review. The document is at 
https://csrc.nist.gov/publications/detail/sp/800-56c/rev-2/draft  Email 
comments can be sent to 800-56c_comme...@nist.gov with a deadline of May 15.  
That is not a lot of time.  The NIST crypto group is currently unlikely to 
include HKDF, which means that TLS 1.3 would not be part of FIPS. The CMVP 
folks at NIST understand this, and agree that this would be bad; they are 
looking at adding it, perhaps via an Implementation Guidance update.

If you have a view of HKDF (and perhaps TLS 1.3), I strongly encourage you to 
comment at the above address.  Please do not comment here. I know that many 
members of industry and academia have been involved with TLS 1.3, and performed 
security analysis of it. If you are one of those people, *please* send email 
and ask the NIST Crypto Team to reconsider.

Thank you.
        /r$



_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
