On Mon, Feb 28, 2011 at 7:35 AM, Satoru Kanno
<kanno(_dot_)satoru(_at_)po(_dot_)ntts(_dot_)co(_dot_)jp> wrote:
I see that this document defines ciphersuites with a PRF based on
SHA384... However it does not specify the verify_data_length, thus
the default value of 12 applies, and the SHA384 PRF is being truncated
to 96 bits. Is this intentional? If yes, then what is the purpose to
use the SHA384 as PRF?
Hi Nikos,
Thank you for your comment.
I think that the verify_data_length with a PRF based on
SHA384 is specified in RFC5246.
As a result, I refer to RFC5246 as well as other documents( e.g., RFC5289,
RFC5487, and draft-nsri-tls-aria etc.,) in our document.
I think that your comment is not only our draft but all documents specifying
the PRF base on SHA384 for TLS.
Yours was the first document I noticed to use SHA384 as PRF. If there
are other documents that specify that, and don't set the verify_data_length
size then it applies to those as well. (just noticed that applies to RFC5288
as well).
regards,
Nikos
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf