After a bunch of discussion about the consequences of having insufficient output from various stages of the hash functions... Could we make an amendment to TLS 1.3 to force the output size of the exporter to be the size of the underlying hash output? That is, remove the length parameter. Or is a change to the API too disruptive?
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
