https://github.com/tlswg/tls13-spec/pull/248
Folks, Hugo Krawczyk, Hoeteck Wee, and Bjorn Tackmann suggested a revision to the key hierarchy that separates out the computation of the MS from the computation of the keys that are derived from ES and SS. Specifically, xES and xES are to be used to derive their respective traffic keys and intermediate values mES and mES which are then used with HKDF-Extract to generate MS. Aside from some analytic advantages, this also allows us to use the HKDF-Extract and HKDF-Expand APIs from RFC 5869 which is convenient (it's also compatible with all-in-one HKDF APIs). The PR is at: https://github.com/tlswg/tls13-spec/pull/248 I think this is a good change, but comments welcome. -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
