Hi folks,
Per Jonathan Hoyland's recommendation, we're considering adding a new
binder_key label ("imp binder") for imported PSKs. Specifically, this changes
the key schedule from this:
~~~
0
|
v
PSK -> HKDF-Extract = Early Secret
|
+-----> Derive-Secret(., "ext binder" | "res binder", "")
| = binder_key
~~~
to this:
~~~
0
|
v
PSK -> HKDF-Extract = Early Secret
|
+-----> Derive-Secret(., "ext binder"
| | "res binder"
| | "imp binder", "")
| = binder_key
~~~
Details can be found in the PR [1].
This does not seem to affect the interoperability story (imported keys are
further differentiated from non-imported keys). However, it's non trivial, so
we'd like feedback from the group before merging the change.
Thanks!
Chris (no hat)
[1] https://github.com/tlswg/draft-ietf-tls-external-psk-importer/pull/10
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
