Achim Kraus <[email protected]> writes: >2. Why should a "uint16 iv_length" be added?
To make it explicit which of the bits being hashed is the IV. This is one of the flaws of things like OAEP, there are a large number of implicitly-sized fields controlled by external, unauthenticated parameters, so you can make the verifier see fields as other, nearby fields (I'm using OAEP as an example because it's particularly bad, there are so many optional values controlled by external unauthenticated data that you can have all sorts of fun with it). >2.b If it should be added, why in the middle? It's not on the wire and so I >would assume, if at all, to have that at the begin. It precedes the IV, i.e. the field that it describes. Peter. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
