FYI, I'm not sure this is really an issue. Copy of email I sent to @misi and @juberti: > I don't think this is an issue after all... because RFC2104 already defines how HMAC keys are shortened: > >> The authentication key K can be of any length up to B, the >> block length of the hash function. Applications that use keys longer >> than B bytes will first hash the key using H and then use the >> resultant L byte string as the actual key to HMAC. > > So if anything, the issue with RFC7635 is that it seems to assume the SHA1 key must be 20 bytes, when it can be up to 64 bytes and there's a defined procedure for shortening it if it's too large. > > Or have I missed something? Is there a crypto expert in the working group we could check with? -- GitHub Notification of comment by taylor-b Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1156#issuecomment-302555090 using your GitHub accountReceived on Thursday, 18 May 2017 22:07:59 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:41 UTC