Thanks for your feedback. One other thing I could image is that truncated_hmac is mostly used in closed systems where one and the same implementation is used on both sides.
@Peter: We are developing software for Smart Metering in Germany where TLS is used over the (wireless) Metering Bus. The corresponding specification [1] says about truncated_hmac: "servers shall support...". Cheers, Andi [1] https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-1_Anlage_Feinspezifikation_Drahtlose_LMN-Schnittstelle-Teil2.pdf?__blob=publicationFile&v=1 >>> Dave Garrett <davemgarr...@gmail.com> 08.07.17 7.15 Uhr >>> On Saturday, July 08, 2017 12:38:18 am Peter Gutmann wrote: > Andreas Walz <andreas.w...@hs-offenburg.de> writes: > >different TLS implementations do not seem to agree on how to implement > >truncated HMAC > > It also says something about the status of this capability if three of the > four known implementations can't interoperate. If it's taken fourteen years > (RFC 3546 was 2003) for someone to notice that the implementations don't > work/interoperate then maybe the capability should be marked as deprecated or > obsolete or unused or something. In progress; the Truncated HMAC TLS extension is prohibited in implementations that support TLS 1.3+ as of the current draft. https://tools.ietf.org/html/draft-ietf-tls-tls13-21#page-127 Dave
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
