[Standards-JIG] [Fwd: Re: [Council] meeting agenda, 2006-04-11 - Dialback Key Generation and Validation]
fippo at goodadvice.pages.de
Wed Apr 12 16:19:58 UTC 2006
> I cannot write to the list, so I write to you: Why not use
> HMAC-SHA256 instead of defining an own way of how to incorporate
> a key into the hashing. HMAC-* also fixes all the problems Ian
> mentions below.
Yes. I already discussed that with Ian and will update the examples
Ian suggested that for the sake of cross-product compatibility (e.g. a
screening dialback proxy) the JEP should recommend a specific algorithm.
Cross-application compatibility is indeed desirable, but it would probably
require more than a 'recommendation', which may not be possible in an
Assuming that a description of the key generation method is missing from
rfc3920 because of IETF security requirements:
Is it appropriate to recommend HMAC-SHA256 (or -212?) in RFC 3920bis and
describe the key generation and validation accordingly?
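
Added example, not part of the original message and not code from the JEP or any server implementation: a sketch of stateless dialback key generation and validation with HMAC-SHA256, showing why a shared algorithm lets a second component (such as the screening proxy mentioned above) validate keys it did not issue. The input layout (hex SHA-256 of the secret as HMAC key, space-separated domains and stream ID as message), the function names and all sample values are assumptions.

```python
import hashlib
import hmac


def dialback_key(secret: bytes, receiving: str, originating: str, stream_id: str) -> str:
    """Derive a dialback key from a server-wide secret, with no per-stream state."""
    fields = (receiving, originating, stream_id)
    # Fields are joined with spaces, so a space inside a field would make
    # two different tuples produce the same HMAC input. Reject it.
    if any(not f or any(c.isspace() for c in f) for f in fields):
        raise ValueError("empty field or whitespace in dialback key input")
    # Assumed layout: the HMAC key is the hex SHA-256 of the secret.
    hmac_key = hashlib.sha256(secret).hexdigest().encode("ascii")
    message = " ".join(fields).encode("utf-8")
    return hmac.new(hmac_key, message, hashlib.sha256).hexdigest()


def validate_dialback_key(secret: bytes, receiving: str, originating: str,
                          stream_id: str, presented: str) -> bool:
    """Recompute the key and compare in constant time."""
    try:
        expected = dialback_key(secret, receiving, originating, stream_id)
    except ValueError:
        return False
    return hmac.compare_digest(expected.encode("ascii"), presented.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values.
    secret = b"constructed-demo-secret"
    key = dialback_key(secret, "xmpp.example.com", "example.org", "D60000229F")
    print("key sent to receiving server:", key)
    # Any component holding the same secret and algorithm can verify it.
    print("valid:", validate_dialback_key(
        secret, "xmpp.example.com", "example.org", "D60000229F", key))
    print("replayed on another stream:", validate_dialback_key(
        secret, "xmpp.example.com", "example.org", "OTHERSTREAM", key))
```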