Hi all,
I see that the leading zero is stripped off of the value of Z (the shared
secret) before it is used as input to HKDF. This seems to be compatible
with TLS 1.2. Then again, it is not compatible with e.g. NISP800-56A which
uses the value of Z with the same size of the prime in octets. Furthe
n the speed of the HKDF
>>> computation by omitting the leading zeros is not significant. Alignment
>>> with NIST SP 800-56A is nice, but it is not the reason for my preference.
>>>
>>> Russ
>>>
>>>
>>> On Mar 28, 2016, at 11:56 AM, Maarten
Hi all,
The point is we are now indeed on draft 18. Changing the name now is very
problematic because everybody on the mailinglist already calls it TLS 1.3,
for a long time and no matter what you do, a lot of us (who are hopefully
the experts) will keep referring to it under that name.
If you wan
