Hi,
On Wed, November 7, 2012 1:21 pm, Johannes Merkle wrote:
> Hi David,
>
> Point compression is simply the ommission of the x-value, and for point
> expansion, functions are included in OpenSSL and
> other crypto libraries. Thus, such mistakes should only occur if someone
> decides to implement the arithmetic by itself
> but is incapable of doing it correctly (and does not perform sufficient
> testing). This seems to me a quite a case of
> carelessness and I don't think, that an RFC should be so fool-proof to
> prevent that. There are certainly much more
> complex aspects in IKE than point compression.
You're making the assumption that an implementor is using OpenSSL or has
already implemented point compression. IMHO that is not a reasonable
assumption. Many implementations use their own crypto libraries and
therefore would have to implement these compression and expansion
functions, including all the potential errors thereto. So saying "it's
easy, it's in OpenSSL" is not, IMHO, a reassuring statement or argument.
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
