Re: [webrtc-pc] Issue 1: Key shortening

@taylor-b I am also not a crypto expert, but I see the same way as you. 
RFC2104 defines how to short a longer key for HMAC algs in general.
I think You find the missing puzzle piece RFC, and so the algorithm definition that we missed earlier.

I don't see the issue, you have mentioned here:
> So if anything, the issue with RFC7635 is that it seems to assume the SHA1 key must be 20 bytes, when it can be up to 64 bytes and there's a defined procedure for shortening it if it's too large.

AFAIU RFC7635 is correct and describes according RFC2104, 
HMAC-SHA-256-128 use 256bit key
20byte is correct as the output of SHA1(256bit key) that will be used as input for the final SHA1.

After clarification of this I don't see any issue here, and I think we could close this issue.

GitHub Notification of comment by misi
Please view or discuss this issue at using your GitHub account

Received on Friday, 19 May 2017 13:45:39 UTC