Watson Ladd <watsonbl...@gmail.com> wrote:
> Why not hash the public values into the result of the key exchange? I
> don't want security to depend on omittable checks.

One would need an omittable check in the code to decide whether to do that extra hashing, so that wouldn't solve the (non-)problem of "omittable checks". Similarly, one would need an omittable check to decide whether to require the session hash extension, so it wouldn't solve the (non-)problem of "omittable checks".

Actually, because the check for non-zero result can/should/is in the X25519/X448 functions themselves, the check for non-zero result is the least likely of all these possible solutions to be omitted. And, it is also the easiest to test.

Cheers,
Brian
--
https://briansmith.org/
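An added example, not part of the original message or of any TLS library's code: an X25519 function (RFC 7748 ladder) that carries the all-zero output check inside itself, so a caller cannot skip it, with a self-test over two small-order u-coordinates. The names `ladder`, `x25519`, `public_key` and `peer_rejected` are hypothetical, the private keys are constructed sample values, and Python integer arithmetic is not constant-time.

```python
import hmac

P = 2**255 - 19                      # Curve25519 field prime
A24 = 121665                         # (486662 - 2) / 4, per RFC 7748
BASE = (9).to_bytes(32, "little")    # base point u-coordinate

def ladder(k: bytes, u: bytes) -> bytes:
    """Raw RFC 7748 Montgomery ladder, with no output check."""
    kb = bytearray(k); kb[0] &= 248; kb[31] &= 127; kb[31] |= 64  # clamp scalar
    ub = bytearray(u); ub[31] &= 127                              # mask top bit of u
    n = int.from_bytes(kb, "little")
    x1 = int.from_bytes(ub, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:                       # conditional swap (branching: demo only)
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key(private_key: bytes) -> bytes:
    return ladder(private_key, BASE)

def x25519(private_key: bytes, peer_public: bytes) -> bytes:
    """Key agreement; the zero check is part of the primitive, not the caller."""
    shared = ladder(private_key, peer_public)
    if hmac.compare_digest(shared, bytes(32)):
        raise ValueError("X25519 output is all-zero (small-order peer value)")
    return shared

def peer_rejected(private_key: bytes, peer_public: bytes) -> bool:
    """Test helper: True if x25519() refuses this peer value."""
    try:
        x25519(private_key, peer_public)
        return False
    except ValueError:
        return True

# Constructed u-coordinates of small order: u = 0 and u = 1.
SMALL_ORDER = [bytes(32), (1).to_bytes(32, "little")]
```
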