On Tue, Dec 22, 2015 at 2:09 PM, Brian Smith <br...@briansmith.org> wrote:
> If an implementation only implements ECDHE cipher suites then
> implementing the session hash extension is not necessary, according to RFC
> 7627. I believe there are also a few other factors that would implementing
> the session hash extension to be unnecessary.
>
> If checking that the shared value isn't zero is sufficient, and/or
> blacklisting the public values that DJB mentions in [1] is sufficient,
> either would be better than mandating the implementation of the session
> hash extension just for this purpose.
>

Actually, the check for a result of zero is already required in the current
CFRG draft; see [1]. So, I think that the easiest way to fix the TLS draft
is to just delete the misleading text.

[1] https://tools.ietf.org/html/draft-irtf-cfrg-curves-11#section-6.1

Cheers,
Brian
--
https://briansmith.org/
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls