> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Dan Harkins
> Sent: Tuesday, December 11, 2012 4:32 PM
> To: Dan Harkins
> Cc: IPsecme WG
> Subject: Re: [IPsec] New draft on IKE Diffie-Hellman checks
> 
> 
>   I made a mistake below. Thanks to Dan Brown for pointing it out.
> 
> On Tue, December 11, 2012 10:06 am, Dan Harkins wrote:
> [snip]
> >   - I think it should be mentioned that elliptic curve groups
> >      have a co-factor, h, and if h > 1 that a further check is
> >      also required, namely, if the x- and y-coordinates define
> >      a point Q then ensure that:
> >
> >            hQ = point-at-infinity
> >
> >      Add this check to both 2.3 and 2.4. Of course if h=1 then this
> >      check can be skipped.
> 
>   The check should be hQ != point-at-infinity. An equivalent check
> could be nQ = point-at-infinity where n is the order of the group
> formed by the generator, G.
> 
[DB] Well, the hQ != infinity check is insufficient for security, and not 
equivalent to ensuring that nQ=infinity.

Dan, sorry, I did not explain these details in my response to you.

Best regards,

Dan


_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
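
The difference between the two checks discussed in this thread, worked through on a small curve. This is an added example, not part of the original messages or the draft. It assumes a toy curve constructed for illustration (y^2 = x^3 + x over F_43, 44 points, so n = 11 and h = 4), and all function names are hypothetical.

```python
# Toy curve (constructed for this example): y^2 = x^3 + x over F_43.
# It has 44 points in total, so subgroup order n = 11 and cofactor h = 4.
P, A, B = 43, 1, 0
N, H = 11, 4
INF = None  # point at infinity

def add(p1, p2):
    """Add two curve points (affine coordinates, INF is the identity)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 = -p1, including doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def affine_points():
    """Brute-force list of every (x, y) that satisfies the curve equation."""
    return [(x, y) for x in range(P) for y in range(P)
            if (y * y - (x ** 3 + A * x + B)) % P == 0]

def cofactor_check(q):   # the "hQ != point-at-infinity" check
    return mul(H, q) is not INF

def order_check(q):      # the "nQ = point-at-infinity" check
    return mul(N, q) is INF

def compare():
    """Counts: all points, pass hQ != inf, pass nQ = inf, pass first only."""
    pts = affine_points()
    passes_h = [q for q in pts if cofactor_check(q)]
    passes_n = [q for q in pts if order_check(q)]
    gap = [q for q in passes_h if not order_check(q)]
    return len(pts), len(passes_h), len(passes_n), len(gap)
```

On this curve, 30 of the 40 points accepted by the hQ check have order 22 or 44 and so lie outside the order-11 subgroup, while every point accepted by the nQ check also passes the hQ check.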