I brought this up to Ekr at IETF 105, and he said he hadn't seen this
particular errata, so here's a bump to the top of the list.
As it's now been about a year that this errata has remained in the initial
state, I think it might be worth having a look at and advancing to the next
state, if for no
There are two scalar multiplications involved. The first, as part of key
generation, indeed passes in a known constant to the u value and outputs
the byte string that goes into the key share. The second, the ECDH
operation itself, passes in the peer key share and results in the shared
secret. In th
Fair point that there are two scalar multiplications involved on either
endpoint in the course of the exchange, that what is being referred to in
this section of RFC8446 is the first one, and that some readers might find
ambiguity with respect to this that could be addressed with a different
approa
