Hi all,
In the key schedule (section 7.1) of RFC8446(bis), what is the rationale
for using /*Derive-Secret(., "derived", "")*/in the derivations of
Handshake and Master Secrets? Since this change was made in draft 19, I
expect there should be some reasoning of why this was added.
Specifically, what are the security implications if this step is missed,
i.e.,
* if Early Secret is directly used as the Salt argument for
HKDF-Extract of Handshake Secret;
* and similarly if Handshake Secret is directly used as the Salt
argument for HKDF-Extract of Master Secret.
Regards,
Usama
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
