TLS 1.3 and its use of HKDF-Extract

HKDF-Extract is defined in RFC 5869 as

  HKDF-Extract(salt, IKM) -> PRK

      Hash     a hash function; HashLen denotes the length of the
               hash function output in octets

      salt     optional salt value (a non-secret random value);
               if not provided, it is set to a string of HashLen zeros.
      IKM      input keying material

In the TLS 1.3 key schedule, a secret derived from the Handshake Secret is used as the salt input to generate the Master Secret, with the IKM being a string of 0s. However, that doesn’t seem consistent with HKDF-Extract’s definition of salt: that it is non-secret. Is TLS 1.3 using HKDF-Extract incorrectly?
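The step the question describes, written out as an added example (not part of the original post and not code from either RFC): HKDF-Extract per RFC 5869, where the salt is the HMAC key, and the RFC 8446 Derive-Secret / HKDF-Expand-Label helpers that produce the salt for the Master Secret. SHA-256 is assumed as the hash, and the handshake secret is a constructed sample value.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 octets for SHA-256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869: PRK = HMAC-Hash(salt, IKM); the salt is the HMAC key."""
    if not salt:
        salt = bytes(HASH_LEN)  # absent salt -> string of HashLen zeros
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(n) = HMAC(PRK, T(n-1) | info | n)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.1: info is the serialized HkdfLabel structure."""
    full_label = b"tls13 " + label.encode()
    info = (struct.pack(">H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def derive_secret(secret: bytes, label: str, messages: bytes) -> bytes:
    """RFC 8446 Derive-Secret: the context is Transcript-Hash(messages)."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)

def master_secret(handshake_secret: bytes) -> bytes:
    """The step in the question: secret-derived salt, all-zero IKM."""
    salt = derive_secret(handshake_secret, "derived", b"")
    return hkdf_extract(salt, bytes(HASH_LEN))

# Constructed sample value, not taken from a real handshake.
SAMPLE_HANDSHAKE_SECRET = HASH(b"constructed handshake secret").digest()

if __name__ == "__main__":
    print(master_secret(SAMPLE_HANDSHAKE_SECRET).hex())
```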
