John Mattsson writes:
> ignoring the mandatory point validation
Exactly! That's how the real world works. The NSA/NIST approach fills
ECDH and signatures with traps for the implementors; implementors fall
into the traps; the NSA/NIST responses sound like "This security failure
is _your_ fault! Rea
in 2014. I know
because I found the issues.
>
>
> Cheers,
>
> John
>
>
>
> *From: *D. J. Bernstein
> *Date: *Sunday, 8 September 2024 at 13:23
> *To: *tls@ietf.org
> *Subject: *[TLS] Re: [TLS]Re: [EXTERNAL] Consensus Call: -rfc8446bis PRs
> #1360
>
>
ussion is a bit to general for TLS.
Cheers,
John
From: D. J. Bernstein
Date: Sunday, 8 September 2024 at 13:23
To: tls@ietf.org
Subject: [TLS] Re: [TLS]Re: [EXTERNAL] Consensus Call: -rfc8446bis PRs #1360
Eric Rescorla writes:
> I do not think we need to make Curve25519 MTI. The purpose of M
Eric Rescorla writes:
> I do not think we need to make Curve25519 MTI. The purpose of MTIs is to
> provide a minimum baseline for interoperability, and we have that already
> with the existing MTI. That's entirely compatible with most people
> preferring X25519 because they believe it's better than
I do not think we need to make Curve25519 MTI. The purpose of MTIs is to
provide a minimum baseline for interoperability, and we have that already
with the existing MTI. That's entirely compatible with most people
preferring X25519 because they believe it's better than the MTI.
-Ekr
On Mon, Aug
