[Ndn-interest] Describe the HMAC algorithm in SignatureHmacWithSha256?
GTS
gts at ics.uci.EDU
Mon Jun 1 20:13:19 PDT 2015
FWIW, I think Marc is quite right about this issue. What should be used
here is a Key ID, and not
anything derived (e.g., a hash) of the actual key. Indeed, a key digest
is only appropriate in
public key settings. In the symmetric case (such as HMAC), using a key
digest is not advisable.
Cheers,
Gene
======================
Gene Tsudik
Chancellor's Professor of Computer Science
University of California, Irvine
On 6/1/15 4:24 PM, Marc.Mosko at parc.com wrote:
> ...
>
> For symmetric key systems, like HMAC, I think it is also acceptable to use an agreed upon integer identifier for the shared secret, as determined by a key exchange protocol (e.g. an ISAKMP SPI). I don’t think that symmetric key KeyDigests need to be derived from the key. That’s different than public key systems, where the the KeyDigest is used like the Subject Key Identifier (RFC 5280 4.2.1.2) and derived from the actual public key.
>
> Marc
>
>
More information about the Ndn-interest
mailing list