Hi, RFC5705 section 4 "Exporter Definition" [1] states..
The exporter takes three input values: o a disambiguating label string, o a per-association context value provided by the application using the exporter, and o a length value. If no context is provided, it then computes: PRF(... )[length] If context is provided, it computes: PRF(... )[length] ..i.e., RFC5705 directly utilizes the TLS PRF (pseudo-random function) from TLS {1.0, 1.1, 1.3}. Since the PRF() is no longer defined in TLS 1.3, RFC5705 is incompatible with TLS 1.3, yes? Also, draft-ietf-tls-tls13-11 seems to contain a built-in keying material exporter (KME) in S 7.1 step 8 [2].. 7.1. Key Schedule [...] 8. exporter_secret = HKDF-Expand-Label(master_secret, "exporter master secret", handshake_hash, L) [...] ..i.e., does the above step "8." effectively define the TLS 1.3 keying material exporter? thanks, =JeffH [1] https://tools.ietf.org/html/rfc5705#section-4 [2] https://tools.ietf.org/html/draft-ietf-tls-tls13-11#section-7.1 _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls