Hi,
RFC5705 section 4 "Exporter Definition" [1] states..
The exporter takes three input values:
o a disambiguating label string,
o a per-association context value provided by the application using
the exporter, and
o a length value.
If no context is provided, it then computes:
PRF(...
)[length]
If context is provided, it computes:
PRF(...
)[length]
..i.e., RFC5705 directly utilizes the TLS PRF (pseudo-random function)
from TLS {1.0, 1.1, 1.3}. Since the PRF() is no longer defined in TLS
1.3, RFC5705 is incompatible with TLS 1.3, yes?
Also, draft-ietf-tls-tls13-11 seems to contain a built-in keying material
exporter (KME) in S 7.1 step 8 [2]..
7.1. Key Schedule
[...]
8. exporter_secret = HKDF-Expand-Label(master_secret,
"exporter master secret",
handshake_hash, L)
[...]
..i.e., does the above step "8." effectively define the TLS 1.3 keying
material exporter?
thanks,
=JeffH
[1] https://tools.ietf.org/html/rfc5705#section-4
[2] https://tools.ietf.org/html/draft-ietf-tls-tls13-11#section-7.1
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
