Also, it would be difficult to remove existing functionality, and get the callers to update. E.g. deprecation of TLS_UNIQUE is not going easy for apps/protocols.

Cheers,
Andrei

From: TLS [mailto:[email protected]] On Behalf Of Eric Rescorla
Sent: Tuesday, October 4, 2016 8:49 PM
To: Martin Thomson <[email protected]>
Cc: [email protected]
Subject: Re: [TLS] Exporter output size

On Tue, Oct 4, 2016 at 6:32 PM, Martin Thomson <[email protected]> wrote:

After a bunch of discussion about the consequences of having insufficient output from various stages of the hash functions...

Could we make an amendment to TLS 1.3 to force the output size of the exporter to be the size of the underlying hash output? That is, remove the length parameter. Or is a change to the API too disruptive?

I don't think this is a good idea. There are plenty of reasons why you would want to export values != hash_len (e.g., cryptographic keys). Putting a restriction here just pushes the problem around

-Ekr

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
