At 7:06 PM -0400 7/2/09, Sean Kevin O'Keeffe wrote:
>At 3:19 PM -0400 7/1/09, Scott C Moonen wrote:
>> RFC 4753 documents that the shared secret obtained from an ECP
>> Diffie-Hellman operation is the concatenation of the x and y
>> coordinates of the derived point.
>> Is that correct?
>
>It is not. There is an errata for RFC 4753. The shared secret
>is the x coordinate of the derived point.
>
>See: http://www.rfc-editor.org/errata_search.php?eid=9
Urrrrgh. (I have elided something much stronger...)

First, thanks to Sean for pointing this out.

It appears that the errata is either wrong or insufficient. If the errata is right, then I'm pretty sure the test vectors in section 8 are wrong. For example, from 8.1:

------------------------------------
gix: DAD0B653 94221CF9 B051E1FE CA5787D0 98DFE637 FC90B9EF 945D0C37 72581180
giy: 5271A046 1CDB8252 D61F1C45 6FA3E59A B1F45B33 ACCF5F58 389E0577 B8990BB3

The KEi payload is as follows.

00000048 00130000 DAD0B653 94221CF9 B051E1FE CA5787D0 98DFE637 FC90B9EF 945D0C37 72581180 5271A046 1CDB8252 D61F1C45 6FA3E59A B1F45B33 ACCF5F58 389E0577 B8990BB3
------------------------------------

That sure looks like the concatenation of x and y, which is why I responded as I did earlier.

The record of this change is pretty clear. On 16 Feb 2006, Tero posted a criticism of the -02 version of the draft, saying that it didn't explain the formats explicitly, only in the test vectors. After that, the authors updated the draft to -03 to say explicitly that the format was the concatenation of x and y, which matches the test vectors that had already been in the document. The errata disagrees with the change in -03 and the test vectors.

My view is that the errata is technically wrong and should be withdrawn because it changes something that is disagreed to by test vectors in the document itself. If the authors of RFC 4753 want the format to be just the x coordinate, they should prepare a revision to RFC 4753 that obsoletes it and has correct text and test vectors.

--Paul Hoffman, Director
--VPN Consortium
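As an added example (not part of the message above or of RFC 4753's own material), the following Python parses the quoted KEi payload as an IKEv2 Key Exchange payload, confirms that its key-exchange data is exactly gix || giy, and carves out the two readings of the shared secret debated in the thread: x || y (the -03 text and test vectors) versus x alone (the errata). The KE header layout follows RFC 4306 and the group 19/20/21 coordinate sizes follow RFC 4753; the function names and the unknown-group/length checks are my own assumptions.

```python
import struct

# Coordinate sizes in octets for the ECP groups RFC 4753 defines
# (256-bit, 384-bit and 521-bit random ECP groups).
COORD_LEN = {19: 32, 20: 48, 21: 66}

# Values quoted from RFC 4753 section 8.1 in the message above.
GIX_HEX = ("DAD0B653 94221CF9 B051E1FE CA5787D0 "
           "98DFE637 FC90B9EF 945D0C37 72581180")
GIY_HEX = ("5271A046 1CDB8252 D61F1C45 6FA3E59A "
           "B1F45B33 ACCF5F58 389E0577 B8990BB3")
KEI_HEX = "00000048 00130000 " + GIX_HEX + " " + GIY_HEX


def parse_ke_payload(payload: bytes) -> dict:
    """Split an IKEv2 Key Exchange payload into its fields.

    Layout (RFC 4306 section 3.4): Next Payload (1), C/RESERVED (1),
    Payload Length (2), DH Group Num (2), RESERVED (2), Key Exchange Data.
    For the RFC 4753 ECP groups the data is the public point as x || y.
    """
    if len(payload) < 8:
        raise ValueError("KE payload shorter than its 8-octet header")
    _next, _flags, length, group, _reserved = struct.unpack("!BBHHH", payload[:8])
    if length != len(payload):
        raise ValueError(f"header says {length} octets, got {len(payload)}")
    if group not in COORD_LEN:
        raise ValueError(f"DH group {group} is not an RFC 4753 ECP group")
    data = payload[8:]
    n = COORD_LEN[group]
    if len(data) != 2 * n:
        raise ValueError(f"expected {2 * n} octets of KE data, got {len(data)}")
    return {"group": group, "x": data[:n], "y": data[n:]}


def secret_readings(point: dict) -> dict:
    """Both readings debated in the thread for a derived point (x, y):
    the -03 text / test-vector reading (x || y) and the errata reading (x)."""
    return {"x_and_y": point["x"] + point["y"], "x_only": point["x"]}


def check_test_vector() -> bool:
    """True if the quoted KEi payload's data is exactly gix || giy."""
    ke = parse_ke_payload(bytes.fromhex(KEI_HEX))
    return ke["x"] == bytes.fromhex(GIX_HEX) and ke["y"] == bytes.fromhex(GIY_HEX)


if __name__ == "__main__":
    print("KEi data == gix || giy:", check_test_vector())
```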