[Standards-JIG] [Fwd: Re: [Council] meeting agenda, 2006-04-11 - Dialback Key Generation and Validation]

Philipp Hancke fippo at goodadvice.pages.de
Wed Apr 12 16:19:58 UTC 2006


Matthias wrote:
 > I cannot write to the list, so I write to you: Why not use
 > HMAC-SHA256 instead of defining an own way of how to incorporate
 > a key into the hashing? HMAC-* also fixes all the problems Ian
 > mentions below.
Yes. I already discussed that with Ian and will update the examples
accordingly.

Ian suggested that for the sake of cross-product compatibility (e.g. a
screening dialback proxy) the JEP should recommend a specific algorithm.
Cross-application compatibility is indeed desirable, but it would probably
require more than a 'recommendation', which may not be possible in an
informational JEP.

Assuming that a description of the key generation method is missing from 
RFC 3920 because of IETF security requirements:

Is it appropriate to recommend HMAC-SHA256 (or -212?) in RFC 3920bis and
describe the key generation and validation accordingly?

Philipp
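
An added example, not part of the original message or of the JEP text: a sketch of stateless dialback key generation and validation built on HMAC-SHA256, as suggested above. The function names, the choice of inputs (receiving domain, originating domain, stream ID) and the length-prefixed field layout are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def _message(receiving: str, originating: str, stream_id: str) -> bytes:
    # Assumed layout: each field is length-prefixed, so two different
    # (receiving, originating, stream_id) triples never serialize identically.
    parts = [p.encode("utf-8") for p in (receiving, originating, stream_id)]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def generate_key(secret: bytes, receiving: str, originating: str,
                 stream_id: str) -> str:
    """Originating server: derive the dialback key for one stream."""
    mac = hmac.new(secret, _message(receiving, originating, stream_id),
                   hashlib.sha256)
    return mac.hexdigest()


def validate_key(secret: bytes, receiving: str, originating: str,
                 stream_id: str, presented: str) -> bool:
    """Authoritative server: recompute the key instead of storing it."""
    expected = generate_key(secret, receiving, originating, stream_id)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("ascii"),
                               presented.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values; the secret never leaves the server.
    secret = secrets.token_bytes(32)
    key = generate_key(secret, "receiver.example", "sender.example", "s1d-01")
    print("key:", key)
    print("valid:", validate_key(secret, "receiver.example",
                                 "sender.example", "s1d-01", key))
    print("wrong stream:", validate_key(secret, "receiver.example",
                                        "sender.example", "s1d-02", key))
```

Because validation only recomputes the MAC, any node holding the same secret can verify a key without shared per-stream state.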


