Re: Bug 24806 - Should the spec mandate a minimum key length for HMAC?

Based on the discussion on the call, I suggest we do nothing for this one
(i.e. WORKSFORME).

...Mark


On Fri, Feb 28, 2014 at 9:43 AM, Mark Watson <watsonm@netflix.com> wrote:

>
>
>
> On Fri, Feb 28, 2014 at 9:24 AM, Ryan Sleevi <sleevi@google.com> wrote:
>
>> That length is unnecessarily restrictive for SHA2+, which is why NIST no
>> longer recommends that as the calculus.
>>
>> Zero length keys are well defined. Are you suggesting prohibiting them
>> from import as well as generate?
>>
> Eric's suggestion was that import / generate should be consistent: either
> both supporting zero-length or neither supporting zero-length.
>
> Since the library doesn't support generation of zero-length keys, I
> understood that to support zero-length for generate would require
> additional work to catch that case and implement it outside the library.
> Since that case is not exactly useful (even if it is well-defined), I
> suggested we go for the option that doesn't require that additional work.
>
> ...Mark
>
>
>
>
>>  On Feb 28, 2014 9:14 AM, "Jim Schaad" <ietf@augustcellars.com> wrote:
>>
>>> I don't think that I care one way or the other.  As an arbitrary lower
>>> bound I suppose it is fine.  I would also be just as happy with key length
>>> being a minimum of 1/2 of the hash output length.
>>>
>>>
>>>
>>> Jim
>>>
>>>
>>>
>>>
>>>
>>> *From:* Mark Watson [mailto:watsonm@netflix.com]
>>> *Sent:* Friday, February 28, 2014 8:29 AM
>>> *To:* public-webcrypto@w3.org
>>> *Subject:* Bug 24806 - Should the spec mandate a minimum key length for
>>> HMAC?
>>>
>>>
>>>
>>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=24806
>>>
>>>
>>>
>>> My proposal is to dis-allow zero length keys for HMAC. Comments ?
>>>
>>>
>>>
>>> ...Mark
>>>
>>
>