On Tue, Oct 4, 2016 at 6:32 PM, Martin Thomson <[email protected]> wrote:
> After a bunch of discussion about the consequences of having > insufficient output from various stages of the hash functions... Could > we make an amendment to TLS 1.3 to force the output size of the > exporter to be the size of the underlying hash output? That is, > remove the length parameter. Or is a change to the API too > disruptive? > I don't think this is a good idea. There are plenty of reasons why you would want to export values != hash_len (e.g., cryptographic keys). Putting a restriction here just pushes the problem around -Ekr > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
