On Mon, Feb 28, 2011 at 7:35 AM, Satoru Kanno <kanno.satoru@xxxxxxxxxxxxx> wrote: >> I see that this document defines ciphersuites with a PRF based on >> SHA384... However it does not specify the verify_data_length, thus >> the default value of 12 applies, and the SHA384 PRF is being truncated >> to 96 bits. Is this intentional? If yes, then what is the purpose to >> use the SHA384 as PRF? > Hi Nikos, > Thank you for your comment. > I think that the verify_data_length with a PRF based on > SHA384 is specified in RFC5246. > As a result, I refer to RFC5246 as well as other documents( e.g., RFC5289, > RFC5487, and draft-nsri-tls-aria etc.,) in our document. > I think that your comment is not only our draft but all documents specifying > the PRF base on SHA384 for TLS. Yours was the first document I noticed to use SHA384 as PRF. If there are other documents that specify that, and don't set the verify_data_length size then it applies to those as well. (just noticed that applies to RFC5288 as well). regards, Nikos _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf