OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Agenda Item: TLS mechanisms for ECDH-type cipher suites

Hi all,

I'd like to request an agenda item for the next meeting
to discuss adding some new mechanisms in support of other
cipher suites beyond simply 'original' and 'DH' types,
for example:

We're seeing some confusion in consumers of our PKCS#11
implementation about which to use for ECDH type cipher

It looks like some have chosen the 'original' to derive
master keys because of the "fixed-length" phrase in
PKCS#11 description.  Then others have chosen the 'DH'
type because ECDH is DH-ish, if you will.  In those cases,
we have run afoul of a strip-leading-zeroes problem in
some implementations of DH.

The inclination is to create a new family of TLS mechanisms
specifically for ECDH, to avoid the guessing, such as:

I'd like solicit the group's thoughts on this.  Please
feel free to reply and share your opinions.  We can
discuss at next meeting possibly.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]