On Fri, Mar 11, 2011 at 8:07 AM, Martin Rex <mrex(_at_)sap(_dot_)com> wrote:
I don't recall why 12 bytes rather than 16 bytes or 20 was chosen.
It is not unusual when a two group of folks (IPSEC and TLS) sourcing from
the same pool of engineers and experts (IETF) have to do two very
similar decisions (truncating HMAC-SHA-1) within a fairly short time,
end up with the same conclusion.
http://www.ietf.org/html/rfc2404 Jan-1998 HMAC-SHA-1-96 (for IPSEC)
http://www.ietf.org/html/rfc2246 Jan-1999 TLSv1.0
The dates vs. rfc-numbers of these two documents look strange:
The dates indicate they were published one year apart, but given
their rfc-numbers, one would intuitively expect their dates to
be just the other way round.
TLS 1.0 was held up in process for a long time due to normative
Ietf mailing list