target = "https://tools.ietf.org/rfc/rfc4492#section-5.10"

# 5.10.  ECDH, ECDSA, and RSA Computations
#
# All ECDH calculations (including parameter and key generation as well
# as the shared secret calculation) are performed according to [6]
# using the ECKAS-DH1 scheme with the identity map as key derivation
# function (KDF), so that the premaster secret is the x-coordinate of
# the ECDH shared secret elliptic curve point represented as an octet
# string.  Note that this octet string (Z in IEEE 1363 terminology) as
# output by FE2OSP, the Field Element to Octet String Conversion
# Primitive, has constant length for any given field; leading zeros
# found in this octet string MUST NOT be truncated.
# 
# (Note that this use of the identity KDF is a technicality.  The
# complete picture is that ECDH is employed with a non-trivial KDF
# because TLS does not directly use the premaster secret for anything
# other than for computing the master secret.  As of TLS 1.0 [2] and
# 1.1 [3], this means that the MD5- and SHA-1-based TLS PRF serves as a
# KDF; it is conceivable that future TLS versions or new TLS extensions
# introduced in the future may vary this computation.)
# 
# All ECDSA computations MUST be performed according to ANSI X9.62 [7]
# or its successors.  Data to be signed/verified is hashed, and the
# result run directly through the ECDSA algorithm with no additional
# hashing.  The default hash function is SHA-1 [10], and sha_size (see
# Sections 5.4 and 5.8) is 20.  However, an alternative hash function,
# such as one of the new SHA hash functions specified in FIPS 180-2
# [10], may be used instead if the certificate containing the EC public
# 
# key explicitly requires use of another hash function.  (The mechanism
# for specifying the required hash function has not been standardized,
# but this provision anticipates such standardization and obviates the
# need to update this document in response.  Future PKIX RFCs may
# choose, for example, to specify the hash function to be used with a
# public key in the parameters field of subjectPublicKeyInfo.)
# 
# All RSA signatures must be generated and verified according to PKCS#1
# [12] block type 1.

[[spec]]
level = "MUST"
quote = '''
Note that this octet string (Z in IEEE 1363 terminology) as
output by FE2OSP, the Field Element to Octet String Conversion
Primitive, has constant length for any given field; leading zeros
found in this octet string MUST NOT be truncated.
'''

[[spec]]
level = "MUST"
quote = '''
All ECDSA computations MUST be performed according to ANSI X9.62 [7]
or its successors.
'''