On Aug 28, 2023, at 2:18 PM, Heikki Vatiainen wrote:
> My colleague just pointed out that a lazy implementation can simply always
> ignore EMSK and still be compliant. Would being lazy be a good reason?
With the updated text, the document says "use EMSK if it's available". So if
an implement
On Mon, 28 Aug 2023 at 21:09, Alexander Clouter wrote:
> On Mon, 28 Aug 2023, at 15:43, Heikki Vatiainen wrote:
> >
> >> If an inner method supports export of an Extended Master Session Key
> >> (EMSK), then the IMSK SHOULD be derived from the EMSK as defined in
> >> [RFC5295].
> >
> > Why the SH
On Mon, 28 Aug 2023, at 15:43, Heikki Vatiainen wrote:
>
>> If an inner method supports export of an Extended Master Session Key
>> (EMSK), then the IMSK SHOULD be derived from the EMSK as defined in
>> [RFC5295].
>
> Why the SHOULD? If something else is done, how could it work with other
> impleme
On Mon, 28 Aug 2023 at 13:25, Alexander Clouter wrote:
> On Sun, 27 Aug 2023, at 18:16, Heikki Vatiainen wrote:
>
> > https://github.com/emu-wg/rfc7170bis/pull/27
> >
> > Alex, please comment. I've discussed this with a colleague and we think the
> > current draft would break compatibility wi
On Aug 27, 2023, at 1:50 PM, Eliot Lear wrote:
> This change looks good. I want to code it with the PKCS ops to make sure
> it's okay. That'll take a little bit.
I've merged the PR.
I'll think separately about Alex's comments. I understand the intent, but
getting this text clear and cor
On Sun, 27 Aug 2023, at 18:16, Heikki Vatiainen wrote:
> RFC 7170 and the current draft have diverged in how IMSK is calculated.
>
> In short:
> 1. RFC 7170 passes EMSK to TLS-PRF whereas the draft passes both EMSK and MSK
> to TLS-PRF.
> 2. While RFC 7170 adjusts only MSK to 32 octet length, the dra
Heikki
This change looks good. I want to code it with the PKCS ops to make
sure it's okay. That'll take a little bit.
Eliot
On 27.08.23 19:16, Heikki Vatiainen wrote:
RFC 7170 and the current draft have diverged in how IMSK is calculated.
In short:
1. RFC 7170 passes EMSK to TLS-PRF whereas