Hi all,
The point is we are now indeed on draft 18. Changing the name now is very
problematic because everybody on the mailinglist already calls it TLS 1.3,
for a long time and no matter what you do, a lot of us (who are hopefully
the experts) will keep referring to it under that name.
If you
s instead
>>> of stripping leading zeroes. The difference in the speed of the HKDF
>>> computation by omitting the leading zeros is not significant. Alignment
>>> with NIST SP 800-56A is nice, but it is not the reason for my preference.
>>>
>>> Russ
>&g
Hi all,
I see that the leading zero is stripped off of the value of Z (the shared
secret) before it is used as input to HKDF. This seems to be compatible
with TLS 1.2. Then again, it is not compatible with e.g. NISP800-56A which
uses the value of Z with the same size of the prime in octets.