On Fri, Feb 28, 2014 at 9:24 AM, Ryan Sleevi <sleevi@google.com> wrote: > That length is unnecessarily restrictive for SHA2+, which is why NIST no > longer recommends that as the calculus. > > Zero length keys are well defined. Are you suggesting prohibiting them > from import as well as generate? > Eric's suggestion was that import / generate should be consistent: either both supporting zero-length or neither supporting zero-length. Since the library doesn't support generation of zero-length keys, I understood that to support zero-length for generate would require additional work to catch that case and implement it outside the library. Since that case is not exactly useful (even if it is well-defined), I suggested we go for the option that doesn't require that additional work. ...Mark > On Feb 28, 2014 9:14 AM, "Jim Schaad" <ietf@augustcellars.com> wrote: > >> I don't think that I care one way or the other. As an arbitrary lower >> bound I suppose it is fine. I would also be just as happy with key length >> being a minimum of 1/2 of the hash output length. >> >> >> >> Jim >> >> >> >> >> >> *From:* Mark Watson [mailto:watsonm@netflix.com] >> *Sent:* Friday, February 28, 2014 8:29 AM >> *To:* public-webcrypto@w3.org >> *Subject:* Bug 24806 - Should the spec mandate a minimum key length for >> HMAC? >> >> >> >> https://www.w3.org/Bugs/Public/show_bug.cgi?id=24806 >> >> >> >> My proposal is to dis-allow zero length keys for HMAC. Comments ? >> >> >> >> ...Mark >> >
Received on Friday, 28 February 2014 17:44:13 UTC