- From: Taylor Brandstetter via GitHub <sysbot+gh@w3.org>
- Date: Thu, 18 May 2017 22:07:53 +0000
- To: public-webrtc-logs@w3.org
FYI, I'm not sure this is really an issue. Copy of email I sent to @misi and @juberti: > I don't think this is an issue after all... because RFC2104 already defines how HMAC keys are shortened: > >> The authentication key K can be of any length up to B, the >> block length of the hash function. Applications that use keys longer >> than B bytes will first hash the key using H and then use the >> resultant L byte string as the actual key to HMAC. > > So if anything, the issue with RFC7635 is that it seems to assume the SHA1 key must be 20 bytes, when it can be up to 64 bytes and there's a defined procedure for shortening it if it's too large. > > Or have I missed something? Is there a crypto expert in the working group we could check with? -- GitHub Notification of comment by taylor-b Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1156#issuecomment-302555090 using your GitHub account
Received on Thursday, 18 May 2017 22:07:59 UTC