On Fri, Sep 1, 2017 at 11:25 AM, Daniel Franke <[email protected]> wrote: >> (3) Section 5.2 states that key material "SHALL" be extracted >> according to RFC 5705. What is the plan if some TLS 1.3-specific >> mechanism deprecates 5705? > > Current TLS 1.3 drafts swaps the KDF implementation from TLS-PRF for > HKDF but keep the interface exactly the same. The intent, which seems > clear at least to me, is that anything which currently uses RFC 5705 > will use TLS 1.3's exporter to extract keys from TLS 1.3 sessions. > Once TLS 1.3 is finalized, we can publish an update to clarify this if > it isn't clear enough already.
I think it's worth clarifying this because you don't want one implementation using 5705 and another using HKDF and agreeing on different keys. For some use cases it doesn't matter (server deriving keys that only it knows), but in cases of shared keys we would have a problem. Kyle _______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
