Hi Owen, Hi Dan,
Thanks for the recent -02 draft update, which addresses a few of my remarks in my review https://mailarchive.ietf.org/arch/msg/emu/VNCAFb4BTTOib27s1gIXUOEn_ng/ My question about the relationship with RFC 9258 was not answered and hence I am giving it another try. Here is what I have expected to see in the draft given that RFC 9258 already defines the derivation of the epskx and the ipskx provided a few inputs. Here is what the RFC says: epskx = HKDF-Extract(0, epsk) ipskx = HKDF-Expand-Label(epskx, "derived psk", Hash(ImportedIdentity), L) IMHO you only need to define (a) what the base epsk is, and (b) how to populate the ImportedIdentity structure. Regarding (a): You seem to be setting the base epsk (for the HKDF-Extract function above) to the DER-encoded ASN.1 subjectPublicKeyInfo representation of the BSK public key (which is externally provided, for example by scanning a QR code). L is 32 since you seem to be mandating the use of HKDF-SHA256 as the KDF. Regarding (b): RFC 9258 defines the ImportedIdentity structure as: struct { opaque external_identity<1...2^16-1>; opaque context<0..2^16-1>; uint16 target_protocol; uint16 target_kdf; } ImportedIdentity; You populate the ImportedIdentity structure based on the description in Section 3.1 as follows: - external_identity = epskid (which seems to be again the DER-encoded ASN.1 subjectPublicKeyInfo representation of the BSK public key) - context = "tls13-bsk" - target_protocol = TLS1.3(0x0304) - target_kdf = HKDF_SHA256(0x0001) With this approach the text at the beginning of Section 3.1 is not needed. Tell me if I misreading the document and you are in fact adding another layer of key derivation to produce the base epsk. If that's the case, you might want to say why you are doing this. Ciao Hannes PS: RFC 9258 also says that the ImportedIdentity.context MUST include a channel binding. This appears to be missing. If you think it is unnecessary, it might be worthwhile to state it. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu