[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] soliciting feedback on HKDF

To: "David McGrew" <mcgrew at cisco.com>, <cfrg at irtf.org>
Subject: Re: [Cfrg] soliciting feedback on HKDF
From: "Dan Brown" <dbrown at certicom.com>
Date: Tue, 20 Oct 2009 11:26:18 -0400
Cc: Tim Polk <tim.polk at nist.gov>, Pasi.Eronen at nokia.com, Hugo Krawczyk <hugo at ee.technion.ac.il>
Delivered-to: cfrg at core3.amsl.com
In-reply-to: <2BDAD1BB-A200-4B35-809A-FC0F0385F9D7 at cisco.com>
List-archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-help: <mailto:cfrg-request@irtf.org?subject=help>
List-id: Crypto Forum Research Group <cfrg.irtf.org>
List-post: <mailto:cfrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
References: <2BDAD1BB-A200-4B35-809A-FC0F0385F9D7 at cisco.com>
Thread-index: AcpQ5FJiYWXbhB5ERRGVu9BCW3kTnwAsdXhQ
Thread-topic: [Cfrg] soliciting feedback on HKDF

1. For key generation (not key derivation), I believe that NIST SP
800-90 is meant to be applied by most NIST standards, e.g. FIPS 186-3.
There is also the ANSI X9.83 standards, which has a part 3 aligning with
NIST SP 800-90, and a draft part 2 discussing entropy sources (their
assessment and perhaps debiasing), and a draft part 4 combining the
latter two (so part 4 overlaps in aim with the HKDF), and again other
ANSI crypto standards will expect X9.82 to be used for key generation.

2.  The menagerie of key derivation functions (i.e. DH-like shared
secret value to symmetric key, which unlike key generation are needed
for interoperability) such as IEEE KDF1 and KDF2, ANSI X9.63 X9.42, NIST
SP 800-56A, TLS-PRF, and IKE, and now HKDF, could lead a general purpose
crypto module to be application-limited, or to support multiple KDFs, or
to output the raw shared DH secret value (g^(xy)).

-----Original Message-----
From: cfrg-bounces at irtf.org [mailto:cfrg-bounces at irtf.org] On Behalf Of
David McGrew
Sent: Monday, October 19, 2009 1:45 PM
To: cfrg at irtf.org
Cc: Tim Polk; Pasi.Eronen at nokia.com Eronen; Hugo Krawczyk
Subject: [Cfrg] soliciting feedback on HKDF

Hello,

HMAC-based Extract-and-Expand Key Derivation Function (HKDF),
http://tools.ietf.org/html/draft-krawczyk-hkdf-00
, specifies a key derivation function that is intended to be used in a
wide variety of applications.   This draft provides a detailed
proposal along the lines of what Hugo presented to the IETF Security
Area at IETF 74.   If you have an interest in the design and/or use of
this KDF, please provide your feedback to the CFRG list.

It would be ideal to have feedback by November 8, so that it can be
considered at the upcoming IETF meeting.  However, comments are welcome
at any time.

David



---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

References:
- [Cfrg] soliciting feedback on HKDF
  - From: David McGrew

Prev by Date: Re: [Cfrg] soliciting feedback on HKDF
Next by Date: Re: [Cfrg] soliciting feedback on HKDF
Previous by thread: Re: [Cfrg] soliciting feedback on HKDF
Next by thread: Re: [Cfrg] soliciting feedback on HKDF
Index(es):
- Date
- Thread