SGTM. -Ekr
On Thu, Nov 29, 2018 at 10:41 AM Daniel B Giffin <d...@scs.stanford.edu> wrote: > Okay, how about this language that harmonizes with the SSL > approach: > > Key-agreement schemes ECDHE-Curve25519 and ECDHE-Curve448 > perform the Diffie-Helman protocol using the functions > X25519 and X448, respectively. Implementations SHOULD > compute these functions using the algorithms described in > RFC7748. When they do so, implementations MUST check > whether the computed Diffie-Hellman shared secret is the > all-zero value and abort if so, as described in Section 6 > of RFC7748. Alternative implementations of these > functions SHOULD abort when either input would force the > output to one of a small set of values, as discussed in > Section 7 of RFC7748. > > That last sentence is explicit (or as explicit as practical > in the scope of this document) because I really can't find > any *instruction* in Section 7 about input checking. > > d > >
_______________________________________________ Tcpinc mailing list Tcpinc@ietf.org https://www.ietf.org/mailman/listinfo/tcpinc
