OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Both are defined: CKM_TLS12_MAC and CKM_TLS_MAC

Resending for today's discussion...

On 10/21/14 06:22 PM, Oscar So wrote:

I find one interesting thing, we have the followings defined:

#define CKM_TLS12_MAC 0x000003D8UL
#define CKM_TLS_MAC 0x000003E4UL

And, in the spec:

We refer to CKM_TLS_MAC in:

2.29.3 TLS MAC

The TLS MAC mechanism is used to generate integrity tags for the TLS
"finished" message. It replaces the use of the CKM_TLS_PRF function for
TLS1.0 and 1.1 and that mechanism is deprecated.

CKM_TLS_MAC takes a parameter of CK_TLS_MAC_PARAMS.

And, we ALSO refer to CKM_TLS12_MAC in:

2.29.4 Master key derivation

Master key derivation :::::::::::::::::::::::::
The mechanism also contributes the CKA_ALLOWED_MECHANISMS attribute
consisting only of CKM_TLS12_KEY_AND_MAC_DERIVE,

I think a long time back that Wan-Teh proposed CKM_TLS12_MAC, and then,
we rename it to CKM_TLS_MAC, correct ?

So, we do NOT need CKM_TLS12_MAC.
Please confirm..


To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]