> -----Original Message-----
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
> Of Michael Richardson
> Sent: Tuesday, April 09, 2013 10:34 AM
>
>     Dan> [DB] The concern is that the receiver wants to protect her own
>     Dan> reused private key from an invalid public key from a malicious
>     Dan> peer. To do this, the receiver checks the received value to
>     Dan> make sure it is valid and safe to combine with her reused
>     Dan> private key. Another option for the receiver is not reusing
>     Dan> the private key at all.
>
> okay, that wasn't clear to me at all.
>
> When you say "private key", we are talking about the y, not the g^y.

[DB] Yes (and I'm sorry if I did not use the IPSec terminology, (is it "secret value"?))

>
> I guess I recall that there are some implementations which calculate
> their g^x/g^y, and cache that for many DH operations.

[DB] The implementation would also cache its secret value x (or y).

>
> Is the point here that this is safe if we do these tests?
>

[DB] Yes, that is the point. I gather the document's motivation was unclear to you. Were the document's specified actions also unclear to you? Could you suggest a specific clarification to the document that would correct what made it unclear to you? The document reads clearly to me, but its topic is already quite familiar to me.
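
The receiver-side check discussed in this message, as an added example that is not part of the thread or of the document under discussion: a responder that reuses its secret value y validates the received public value before combining the two. The range and subgroup-membership tests are the standard checks for a prime-order subgroup and are assumed here, not quoted from the document; the names and the toy group parameters are constructed for illustration.

```python
# Added illustration. Toy parameters constructed for this example;
# they are far too small for real use.
P = 67   # prime modulus, p - 1 = 2 * 3 * 11
Q = 11   # prime order of the subgroup generated by G
G = 64   # generator of the order-Q subgroup


def check_peer_public(r, p=P, q=Q):
    """Return None if r is acceptable, else a short rejection reason."""
    if not isinstance(r, int) or isinstance(r, bool):
        return "not an integer"
    # Rejects 0, 1 and p-1, whose powers are confined to at most two values.
    if not 1 < r < p - 1:
        return "out of range (must satisfy 1 < r < p-1)"
    # Rejects elements of small order (here 2, 3 or 6), which would tie the
    # result of r^y to y modulo that small order.
    if pow(r, q, p) != 1:
        return "not in the order-q subgroup"
    return None


class Responder:
    """Holds a secret value y that is reused across many exchanges."""

    def __init__(self, y):
        self._y = y
        self.public = pow(G, y, P)   # cached g^y

    def shared_secret(self, peer_public):
        # Validate first; only then combine with the reused secret value.
        reason = check_peer_public(peer_public)
        if reason is not None:
            raise ValueError("rejecting peer public value: " + reason)
        return pow(peer_public, self._y, P)
```

In this toy group the value 37 passes the range test but fails the subgroup test, which is why the range test alone is not enough when the group has small subgroups and the secret value is reused.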