Hi Chris, I expect that the idea is to have key separation for the binder key depending on the usage. Having this kind of property is always a good practice, so I agree with Jonathan on this.
B.

> On Sep 3, 2019, at 1:29 AM, Christopher Wood <[email protected]> wrote:
>
> Hi folks,
>
> Per Jonathan Hoyland's recommendation, we're considering adding a new
> binder_key label ("imp binder") for imported PSKs. Specifically, this changes
> the key schedule from this:
>
> ~~~
>              0
>              |
>              v
>    PSK ->  HKDF-Extract = Early Secret
>              |
>              +-----> Derive-Secret(., "ext binder" | "res binder", "")
>              |                     = binder_key
> ~~~
>
> to this:
>
> ~~~
>              0
>              |
>              v
>    PSK ->  HKDF-Extract = Early Secret
>              |
>              +-----> Derive-Secret(., "ext binder"
>              |                      | "res binder"
>              |                      | "imp binder", "")
>              |                     = binder_key
> ~~~
>
> Details can be found in the PR [1].
>
> This does not seem to affect the interoperability story (imported keys are
> further differentiated from non-imported keys). However, it's non trivial, so
> we'd like feedback from the group before merging the change.
>
> Thanks!
> Chris (no hat)
>
> [1] https://github.com/tlswg/draft-ietf-tls-external-psk-importer/pull/10
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
