[Ndn-interest] Describe the HMAC algorithm in SignatureHmacWithSha256?

GTS gts at ics.uci.EDU
Mon Jun 1 20:13:19 PDT 2015

FWIW, I think Marc is quite right about this issue. What should be used 
here is a Key ID, and not
anything derived (e.g., a hash) of the actual key. Indeed, a key digest 
is only appropriate in
public key settings. In the symmetric case (such as HMAC), using a key 
digest is not advisable.

  Gene Tsudik
  Chancellor's Professor of Computer Science
  University of California, Irvine

On 6/1/15 4:24 PM, Marc.Mosko at parc.com wrote:
> ...
> For symmetric key systems, like HMAC, I think it is also acceptable to use an agreed upon integer identifier for the shared secret, as determined by a key exchange protocol (e.g. an ISAKMP SPI).  I don’t think that symmetric key KeyDigests need to be derived from the key.  That’s different than public key systems, where the the KeyDigest is used like the Subject Key Identifier (RFC 5280 and derived from the actual public key.
> Marc

More information about the Ndn-interest mailing list