Re: [webrtc-pc] Issue 1: Key shortening from misi via GitHub on 2017-05-23 (public-webrtc-logs@w3.org from May 2017)

From: misi via GitHub <sysbot+gh@w3.org>
Date: Tue, 23 May 2017 08:38:34 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-303330640-1495528713-sysbot+gh@w3.org>

You are correct, I see your point now.

> Applications that use keys longer than B bytes will first hash the key using H and then use the
   resultant L byte string as the actual key to HMAC.

SHA1 block size is 512 bit (B=64 byte), and so the key shortening is not needed for a key that has only 256 bit length (or even 512 bit), because it is shorter than the Block size of SHA1 (512bit). (according the sentence above RFC2104 )

The stun-bis actual agility plan use SHA1 and SHA-256 algorithms.
AFAIU actually no key shortening is needed according RFC2104.

I agree that there is a conflict between RFC 7635 Appendix B, and RFC2104.

Open an errata about it?

-- 
GitHub Notification of comment by misi
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1156#issuecomment-303330640 using your GitHub account

Received on Tuesday, 23 May 2017 08:38:41 UTC