On Wed, Nov 4, 2015 at 6:34 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> On Wed, Nov 04, 2015 at 06:30:26AM -0500, Watson Ladd wrote:
>> This draft needs to say that Curve25519 can only be used along with
>> extended master secret. Alternatively we can completely remove the
>> cofactor and reject zero keys.
>
> X25519 and X448 specifications say zero keys MUST be rejected (and
> the functions are also internally specified to clear the cofactor).

The language used in the current draft doesn't clearly say you must
use the definition in CFRG curves which does this with cofactor
business, and in fact doesn't include the string X25519.

>
>
> -Ilari

--
"Man is born free, but everywhere he is in chains".
--Rousseau.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
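
The cofactor clearing and zero-key rejection discussed in this thread, as an added example that is not part of the original message or of any draft: a Python sketch of the X25519 function following the RFC 7748 ladder, wrapped in a check that rejects an all-zero result. The helper names `clamp`, `x25519_raw` and `x25519` and the sample scalar are assumptions made here, and the arithmetic is variable-time, so it is for illustration only.

```python
import hmac

P = 2**255 - 19
A24 = 121665

def clamp(k: bytes) -> int:
    """Decode a scalar; clearing the low 3 bits makes it a multiple of the cofactor 8."""
    n = int.from_bytes(k, "little")
    n &= ~7                  # clear the cofactor
    n &= (1 << 255) - 1      # clear bit 255
    return n | (1 << 254)    # set bit 254

def x25519_raw(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder as in RFC 7748, with no check on the output."""
    k_int = clamp(k)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    # pow(0, P - 2, P) == 0, so the point at infinity encodes as 32 zero bytes
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 with the zero check: reject an all-zero shared secret."""
    shared = x25519_raw(k, u)
    if hmac.compare_digest(shared, bytes(32)):
        raise ValueError("all-zero X25519 output (low-order peer key)")
    return shared

if __name__ == "__main__":
    k = bytes(range(32))          # constructed scalar, not a real key
    for u in (0, 1, 9):           # 0 and 1 have small order; 9 is the base point
        try:
            print(u, x25519(k, u.to_bytes(32, "little")).hex())
        except ValueError as err:
            print(u, "rejected:", err)
```

Because the clamped scalar is a multiple of 8, a peer value of small order can only map to the all-zero output, which is why a single comparison after the ladder is enough to catch it.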