On Thu, Jul 26, 2018 at 10:58:05AM -0700, Eric Rescorla wrote:
> Here’s a specific construction, but we’re flexible about the details:
>
> struct {
> opaque base_identity<1...2^16-1>;
> HashAlgorithm hash;
> } imported_psk_identity;
>
> UPSKx = HKDF-Extract(0, UPSK) // UPSK is the input universal PSK
> PSK = HKDF-Expand-Label(UPSKx, "derived psk", BaseKDF(psk_identity),
> TargetHash.length) // Might need to shorten label
>
> These functions would be executed with the KDF associated with the UPSK,
> but produce
> a key the size of the desired hash.
Using HashAlgorithm here does not seem to be great. The problem being
that HashAlgorithm is shadowed by SignatureScheme, which could make
adding a new ciphersuite hash problematic, due to needing to add a
new HashAlgorithm.
-Ilari
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
