Hi, On Wed, November 7, 2012 1:21 pm, Johannes Merkle wrote: > Hi David, > > Point compression is simply the ommission of the x-value, and for point > expansion, functions are included in OpenSSL and > other crypto libraries. Thus, such mistakes should only occur if someone > decides to implement the arithmetic by itself > but is incapable of doing it correctly (and does not perform sufficient > testing). This seems to me a quite a case of > carelessness and I don't think, that an RFC should be so fool-proof to > prevent that. There are certainly much more > complex aspects in IKE than point compression.
You're making the assumption that an implementor is using OpenSSL or has already implemented point compression. IMHO that is not a reasonable assumption. Many implementations use their own crypto libraries and therefore would have to implement these compression and expansion functions, including all the potential errors thereto. So saying "it's easy, it's in OpenSSL" is not, IMHO, a reassuring statement or argument. -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec