[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf-tls
Subject: Re: [TLS] HKDF
From: Dave Garrett <davemgarrett () gmail ! com>
Date: 2015-03-23 20:15:26
Message-ID: 201503231615.26528.davemgarrett () gmail ! com
[Download RAW message or body]
On Monday, March 23, 2015 10:19:59 am Eric Rescorla wrote:
> As I mentioned in a previous message [0] during the interim we discussed
> moving from the TLS PRF to HKDF [RFC5869].
>
> The general sentiment was:
>
> - Move to HKDF
> - Specify both SHA-256 and SHA-384 (the latter being required for
> Suite B)
>
> This is also the time when we would want to look at adjusting
> the key expansion to separate keys and IVs (assuming we still
> have IVs).
>
> Please use this thread to discuss this topic.
>
> -Ekr
>
> [0] https://www.ietf.org/mail-archive/web/tls/current/msg15621.html
Adding support for SHA-3 hashes seems like a good idea at this point.
There's also issue #26 [1] which proposed picking a one-true-hash. I also proposed a \
SHA2+SHA3 construct as a possible route, which was briefly discussed [2]. (construct \
TBD by CFRG) The basic premise of a combined hash in this instance is to provide a \
better guarantee of security if either SHA-2 or SHA-3 were to be broken.
Any of this viable at this juncture?
[1] https://github.com/tlswg/tls13-spec/issues/26
[2] https://www.ietf.org/mail-archive/web/tls/current/msg13264.html
Dave
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic