RE: [TLS] Truncated HMAC

["Blumenthal, Uri" <uri.blumenthal@xxxxxxxxx>]

It simply means that the *final output* of HMAC would be truncated to 10
bytes - but *not* that its input or key would be truncated in any way.

-----Original Message-----
From: Mike [mailto:mike-list@xxxxxxxxx] 
Sent: Thursday, November 16, 2006 3:32 PM
To: tls@xxxxxxxxxxxxxx
Subject: Re: [TLS] Truncated HMAC

Casey Marshall wrote:
> On Nov 15, 2006, at 5:02 PM, Mike wrote:
> 
>> I have a question regarding the truncated HMAC extension.
>> When this extension is negotiated, the spec says that
>> CipherSpec.hash_size is 10 bytes.  So does that mean I
>> should only generate 10 bytes for each MAC secret?
> 
>  From RFC 4366, section 3.5:
> 
> "Note that this extension does not affect the calculation of the 
> pseudo-random function (PRF) as part of handshaking or key
derivation."

I saw that, but interpreted it to mean that the HMAC used in the
PRF itself is not truncated.  It is still unclear to me whether
saying "CipherSpec.hash_size = 10" means that the MAC secrets
should be 10 bytes.  My implementation currently computes the
MAC secrets the same whether HMAC truncation is specified or not.
However, I think the spec. could be clarified to say that the
secrets are not reduced to 10 bytes (if that's the intention).
I suggest getting rid of the statement that CipherSpec.hash_size
changes when the extension is used.

Mike

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls