[Ndn-interest] Adding HMAC to available NDN signature types

Yingdi Yu yingdi at CS.UCLA.EDU
Fri Sep 19 23:18:48 PDT 2014


On Sep 19, 2014, at 10:44 PM, Wentao Shang <wentaoshang at gmail.com> wrote:

> 
> 
> On Fri, Sep 19, 2014 at 9:45 PM, Yingdi Yu <yingdi at cs.ucla.edu> wrote:
> Hi Adeola,
> 
> It is great that we have a proposal for HMAC, a few comments about the doc.
> 
> 1. I think you should mention in the spec how to handle keys that are longer than the hash output.
> 
> Hi Yingdi,
> 
> Correct me if I'm wrong: I thought the key should have the same length as the hash output.

Not necessarily. At least the RFC does not prevent the usage of a longer key.

> What people usually do is to provide some kind of secret (e.g., a password) and use a key derivation function to get the actual HMAC key.

This is only a way to derive a symmetric key, but an HMAC key does not have to be derived in this way. You do not want to impose such a restriction here.


@Adeola, you probably want to forbid KeyDigest in KeyLocator for this HMAC signature, because if the key size is longer than the hash output, the key digest is used instead. If we allow KeyDigest in KeyLocator, then some careless programmers may leak the secret.

Yingdi
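
The leak described in the message above, as an added example that is not part of the original post or of any NDN library: RFC 2104 replaces a key longer than the hash's block size (64 bytes for SHA-256) with its hash, so a published digest of such a key works as the key itself. It assumes KeyDigest is SHA-256 over the raw key bytes; the function names, the "HMAC" type label and the locator check are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = hashlib.sha256().block_size  # 64 bytes for SHA-256


def key_digest(key: bytes) -> bytes:
    # Assumption: KeyDigest is modelled as SHA-256 over the raw key bytes.
    return hashlib.sha256(key).digest()


def hmac_sha256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def digest_is_equivalent_key(key: bytes, data: bytes) -> bool:
    """True if the digest alone yields the same tag as the secret key."""
    with_key = hmac_sha256(key, data)
    with_digest = hmac_sha256(key_digest(key), data)
    return hmac.compare_digest(with_key, with_digest)


def validate_key_locator(signature_type: str, locator_kind: str) -> None:
    """Hypothetical encoder-side check: no KeyDigest locator for HMAC."""
    if signature_type == "HMAC" and locator_kind == "KeyDigest":
        raise ValueError("KeyDigest is not allowed in KeyLocator for HMAC")


# Constructed sample inputs, not taken from any real packet.
LONG_KEY = bytes(range(100))          # longer than BLOCK_SIZE
BLOCK_KEY = bytes(range(BLOCK_SIZE))  # exactly BLOCK_SIZE, used as-is
SHORT_KEY = bytes(range(32))          # shorter, zero-padded by HMAC
DATA = b"/example/data/segment0"

if __name__ == "__main__":
    for label, key in (("long", LONG_KEY), ("block", BLOCK_KEY),
                       ("short", SHORT_KEY)):
        print(label, len(key), digest_is_equivalent_key(key, DATA))
```
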
