We have submitted a new revision of the Internet Draft on
Using the ECC Brainpool Curves (defined in RFC 5639) for IKEv2 Key Exchange
https://datatracker.ietf.org/doc/draft-merkle-ikev2-ke-brainpool/
Since there was considerable objection to the point compression method in the
WG, we have
Hi Johannes,
On Fri, November 30, 2012 4:11 am, Johannes Merkle wrote:
We have submitted a new revision of the Internet Draft on
Using the ECC Brainpool Curves (defined in RFC 5639) for IKEv2 Key
Exchange
https://datatracker.ietf.org/doc/draft-merkle-ikev2-ke-brainpool/
Since there was
There should *absolutely* be a requirement that any point you receive from the
peer is actually a point on the curve.
What can happen if you don't? Well, that depends on the implementation of the
point addition/doubling; what happens with the normal implementation is that it
acts as if it was
The problem I have with this discussion is, this check (if really
required) should have been in the base protocol, because the protocol
has supported EC groups from day one. It doesn't belong in a specific
curve definition. We could use the errata process to add it. It's not
ideal, but
Hi Johannes,
Dan's question made me realise something I hadn't noticed before.
In section 2.3, the draft says:
For the encoding of the key exchange payload and the derivation of
the shared secret, the methods specified in [RFC5903] are adopted.
In an ECP key exchange in IKEv2, the
With ECDH, there are two separate EC points that are output by the algorithm:
- There's the public value xG (where x is our secret); this is passed in the KE
payload
- There's the shared secret value xyG (where x is our shared secret, and y is
the peer's secret); this is used in the key
On Fri, November 30, 2012 1:03 pm, Yaron Sheffer wrote:
The problem I have with this discussion is, this check (if really
required) should have been in the base protocol, because the protocol
has supported EC groups from day one. It doesn't belong in a specific
curve definition. We could use
Right. I cut-and-pasted and didn't notice that it said shared secret. Never
mind.
On Dec 1, 2012, at 12:00 AM, Scott Fluhrer (sfluhrer) sfluh...@cisco.com
wrote:
With ECDH, there are two separate EC points that are output by the algorithm:
- There's the public value xG (where x is our