- From: Magnus Nyström <magnus@rsa.com>
- Date: Mon, 13 Jul 2009 15:50:05 +0200 (W. Europe Daylight Time)
- To: Kelvin Yiu <kelviny@exchange.microsoft.com>
- cc: XMLSec WG Public List <public-xmlsec@w3.org>
Hi Kelvin, Do you have access to X9.44-2007? KDF2 and KDF3 are in there too. Note also the text in X9.44: > KDF2 and KDF3 are key derivation functions based on a hash function (see > Section 8.5). The lengths of the shared secret value and the other > information in KDF2 are both variable. > > NOTE: KDF2 is equivalent to the function of the same name defined in > IEEE Std 1363-2004 [50], the "key derivation function based on > concatenation" in ANS X9.42 [4] and the key derivation function in ANS > X9.63 [8]. KDF3 is aligned with the requirements in clause 5.8 of NIST > Special Publication 800-56 [78]. The only difference between KDF2 and > KDF3 is the order of the components to be hashed. KDF2 calculates T as: > T || Hash (Z || D || otherInfo) while KDF3 calculates T as : T || Hash > (D || Z || otherInfo). -- Magnus On Mon, 6 Jul 2009, Kelvin Yiu wrote: > Magnus, > > Brian and I found a description for KDF3 (on a site that reference > ISO-18033-2) where the definition is different than the KDF specified in > SP800-56A. The site does have a link to a near final draft of ISO > 18033-2, but that draft does not include any mention of KDF3. > > Since I don't have access to the final version ISO-18033-2 and cannot > find an official definition for KDF3, can you provide the official > definition for KDF3? I just wanted to make sure we are not confusing > implementers by using the name KDF3 in XMLEnc.
Received on Monday, 13 July 2009 13:50:41 UTC