> > Thanks! That’s indeed inconsistent, we’ll fix it.
> > https://github.com/davidben/merkle-tree-certs/issues/32
>
> Hmm... Looking at that construct, why is the pad there?

We pad to the hash block size. When computing the full Merkle tree, or verifying an authentication path, the values before the pad are the same, and thus we can precompute the hash state after digesting those fixed values. (With the current inputs and sha256, it will only make a difference for HashAssertion though.)

> And there does not seem to be any way to salt the hash. WebPKI requires
> what effectively amounts to salting the hash via serial number (even
> for SHA-256).
>

Please elaborate.

Best,

Bas
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
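
The precomputation described in the reply above, as an added example (not code from the draft or from the message's author): a fixed prefix is padded to the SHA-256 block size, digested once, and the saved state is resumed for every node. The prefix contents, the zero-byte pad and the node layout are constructed for illustration; the draft's actual encoding is not shown on this page.

```python
import hashlib

BLOCK = hashlib.sha256().block_size  # 64 bytes for SHA-256

def pad_to_block(prefix: bytes) -> bytes:
    """Zero-pad the fixed prefix up to the next block boundary."""
    return prefix + b"\x00" * (-len(prefix) % BLOCK)

def compressions(n: int) -> int:
    """Compression-function calls SHA-256 makes for an n-byte message
    (the message plus a 0x80 byte and an 8-byte length, in 64-byte blocks)."""
    return (n + 9 + BLOCK - 1) // BLOCK

class PrefixedHasher:
    """Hashes padded_prefix || variable, digesting the prefix only once."""

    def __init__(self, fixed_prefix: bytes):
        self.padded = pad_to_block(fixed_prefix)
        # The prefix ends on a block boundary, so this state is fully compressed.
        self._midstate = hashlib.sha256(self.padded)

    def digest(self, variable: bytes) -> bytes:
        h = self._midstate.copy()  # resume from the precomputed state
        h.update(variable)
        return h.digest()

    def cost(self, variable_len: int):
        """(calls when hashing from scratch, calls when resuming the midstate)."""
        full = compressions(len(self.padded) + variable_len)
        return full, full - len(self.padded) // BLOCK

# Constructed sample values, not the draft's real encoding.
FIXED_PREFIX = b"example-domain-label" + b"issuer-0001" + (7).to_bytes(4, "big")
NODES = [i.to_bytes(8, "big") + bytes(32) + bytes([i]) * 32 for i in range(4)]

if __name__ == "__main__":
    hasher = PrefixedHasher(FIXED_PREFIX)
    for node in NODES:
        # Resuming the midstate must give the same digest as hashing everything.
        assert hasher.digest(node) == hashlib.sha256(hasher.padded + node).digest()
    print(hasher.cost(len(NODES[0])))
```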