On 2/28/11 3:45 AM, Nikos Mavrogiannopoulos wrote:
On Mon, Feb 28, 2011 at 7:35 AM, Satoru Kanno
<kanno(_dot_)satoru(_at_)po(_dot_)ntts(_dot_)co(_dot_)jp> wrote:
I see that this document defines ciphersuites with a PRF based on
SHA384... However it does not specify the verify_data_length, thus
the default value of 12 applies, and the SHA384 PRF is being truncated
to 96 bits. Is this intentional? If yes, then what is the purpose to
use the SHA384 as PRF?
Hi Nikos,
Thank you for your comment.
I think that the verify_data_length with a PRF based on
SHA384 is specified in RFC5246.
As a result, I refer to RFC5246 as well as other documents( e.g., RFC5289,
RFC5487, and draft-nsri-tls-aria etc.,) in our document.
I think that your comment is not only our draft but all documents specifying
the PRF base on SHA384 for TLS.
Yours was the first document I noticed to use SHA384 as PRF. If there
are other documents that specify that, and don't set the verify_data_length
size then it applies to those as well. (just noticed that applies to RFC5288
as well).
If the verify_data_length default is 12 (from 5246) then saying nothing
means that it's still 12 right? Or, do you think an explicit statement
saying "the default value for verify_data_length of 12 is used" is needed?
spt
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf