On 5 July 2017 at 11:35, Eric Rescorla <e...@rtfm.com> wrote:
>
> Yes, that might not be a terrible idea. I'd also be open to replacing
> the hashes of 0 with an n-byte length 0 string. It's a tiny paper
> cut (and a wire format change), but would make things slightly simpler.


I'm not entirely sure what you mean by the "hashes of 0". Are you
referring to the 0 length input passed to Derive-Secret in the various
Derive-Secret(., "derived", "") instances (and also for the
binder_key)?

Matt

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
