[noise] Resumption PSKs
Trevor Perrin
trevp at trevp.net
Tue Jun 5 02:10:57 PDT 2018
On Mon, Jun 4, 2018 at 3:07 PM, Christopher Wood
<christopherwood07 at gmail.com> wrote:
>
> FWIW, I would vote for the former, wherein the handshake is explicitly
> mixed into the PRF.
Yeah, I'm leaning towards mixing "h" in, and doing the psk addendum thing.
> Also, would you be opposed to using the HKDF-Extract notation from RFC5869?
>
> ck = HKDF-Extract(h || label, K)
>
> It's HMAC under the hood, so functionally there's no difference.
I think terminology is still up in the air here. We previously only
used HMAC within HKDF, so we can think about how we want to specify
it.
I'm not sure why HKDF-Extract is a good terminology here, though?
What we're trying to do here is just a PRF, similar to HKDF-Expand,
it's not doing "entropy extraction" in the HKDF sense.
Trevor
More information about the Noise
mailing list