On Tue, 13 May 2025 13:37:18 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Bradford Wetmore has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Missed one review comment
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1682:
>
>> 1680: // ...now the final expand.
>> 1681: return (deriveKey ?
>> 1682: hkdf.deriveKey("TlsExporterKeyingMaterial",
>
> Using a registered algorithm will make this method work, but I'm not sure if
> the resulting key can be used further. Do you know any typical use cases for
> the EKM?
>From a previous comment:
IIUC, the exported keying material can be used for any purpose or algorithm, so
we really can't make an good educated guess what it might be. They could be
Keys (Ciphers), byte array/value challenges, or even just data that will be
signed. This is just doing a quick read of some of the IANA definitions which
link to some of the known use cases:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2090208168
