Technical Summary
A number of protocols wish to leverage Transport Layer Security
(TLS) to perform key establishment but then use some of the keying
material for their own purposes. This document describes a general
mechanism for allowing that.
Working Group Summary
There was significant consensus in the working group supporting
this document. The largest controversy was over the name.
Document Quality
The approach has been used in several protocols (such as EAP-TLS)
for many years, and is planned for use in several protocols. The
document has been reviewed by cryptographers who are experts in the
area of key derivation.
RFC Editor Note
Section 3:
REMOVE:
o One important part of the context -- which application will use
the exported keys -- is given by the disambiguating label string
(see Section 4).
Section 3
ADD (new paragraph after the bulleted list):
No matter how the context is agreed, it is required that it has one
part that indicates which application will use the exported keys.
This part is the disambiguating label string (see Section 4).
Section 4
OLD:
The context value length is encoded as an unsigned 16-bit quantity
(uint16) representing the length of the context value.
NEW:
The context value length is encoded as an unsigned 16-bit quantity
(uint16; see [RFC5246], Section 4.4) representing the length of the
context value.
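To make the mechanism in the Technical Summary and the uint16 context-length encoding in the Section 4 note concrete, here is an added example (not part of this write-up or the RFC text) that implements the RFC 5705 exporter over the TLS 1.2 PRF of RFC 5246, Section 5. It assumes a SHA-256-based PRF (the PRF in a real session is the one negotiated for that session, and TLS 1.3 in RFC 8446 replaces this with an HKDF-based exporter); the master secret, randoms and label below are constructed placeholders, and the label uses the "EXPERIMENTAL" prefix that RFC 5705 reserves for unregistered use.

```python
import hashlib
import hmac
import struct
from typing import Optional


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 expansion from RFC 5246, Section 5: A(0)=seed, A(i)=HMAC(secret, A(i-1))."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed) for a SHA-256 suite."""
    return p_sha256(secret, label + seed, length)


def export_keying_material(master_secret: bytes, client_random: bytes,
                           server_random: bytes, label: bytes, length: int,
                           context: Optional[bytes] = None) -> bytes:
    """RFC 5705 exporter: the label disambiguates the consuming application,
    and an optional context is appended as a uint16 length followed by its bytes.
    A context of b"" and no context at all feed different bytes to the PRF,
    so they yield different keying material."""
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context value does not fit in a uint16 length field")
        seed += struct.pack("!H", len(context)) + context  # network-order uint16 length
    return tls12_prf(master_secret, label, seed, length)


# Constructed placeholder session values (not from any real handshake).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
LABEL = b"EXPERIMENTAL-exporter-example"


def demo() -> dict:
    """Derive 32 bytes of exported material with no context, an empty context, and a real context."""
    return {
        "no_context": export_keying_material(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 32),
        "empty_context": export_keying_material(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 32, b""),
        "with_context": export_keying_material(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 32, b"channel-binding"),
    }


if __name__ == "__main__":
    for name, km in demo().items():
        print(f"{name:14s} {km.hex()}")
```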