Hi Chris, I expect that the idea is to have key separation for the binder key depending on the usage. Having this kind of property is always a good practice, so I agree with Jonathan on this.
B.

> On Sep 3, 2019, at 1:29 AM, Christopher Wood <c...@heapingbits.net> wrote:
>
> Hi folks,
>
> Per Jonathan Hoyland's recommendation, we're considering adding a new
> binder_key label ("imp binder") for imported PSKs. Specifically, this changes
> the key schedule from this:
>
> ~~~
>        0
>        |
>        v
> PSK -> HKDF-Extract = Early Secret
>        |
>        +-----> Derive-Secret(., "ext binder" | "res binder", "")
>        |                     = binder_key
> ~~~
>
> to this:
>
> ~~~
>        0
>        |
>        v
> PSK -> HKDF-Extract = Early Secret
>        |
>        +-----> Derive-Secret(., "ext binder"
>        |                      | "res binder"
>        |                      | "imp binder", "")
>        |                     = binder_key
> ~~~
>
> Details can be found in the PR [1].
>
> This does not seem to affect the interoperability story (imported keys are
> further differentiated from non-imported keys). However, it's non-trivial, so
> we'd like feedback from the group before merging the change.
>
> Thanks!
> Chris (no hat)
>
> [1] https://github.com/tlswg/draft-ietf-tls-external-psk-importer/pull/10
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls