>>>>> "Dan" == Dan Brown <[email protected]> writes:
>> Perhaps these things belong in separate sections.

>> It seems that from the receiver of g^x's point of view, point two
>> repeats point one, since the receiver is not in a position to know if
>> the DH private value was reused.

Dan> [DB] The concern is that receiver wants to protect her own
Dan> reused private key from an invalid public key from a malicious
Dan> peer. To do this, the receiver checks the received value to
Dan> make sure it is valid and safe to combine with her reused
Dan> private key. Another option for the receiver is not reusing
Dan> the private key at all.
okay, that wasn't clear to me at all.
When you say "private key", we are talking about the y, not the g^y.
I guess I recall that there are some implementations which calculate
their g^x/g^y, and cache that for many DH operations.
Is the point here that this is safe if we do these tests?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
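
The receiver-side check discussed in this thread, as an added example that is not part of the original messages: a responder that reuses its private y validates each received public value before combining the two. The thread does not list the tests, so this assumes the usual range and subgroup-membership checks for a safe-prime MODP group; the toy prime and the names `check_peer_public` and `Responder` are constructed for illustration.

```python
# Constructed toy safe-prime group, far too small for real use.
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup generated by G
G = 4      # a square mod P, so it generates the order-Q subgroup


def check_peer_public(value: int, p: int = P, q: int = Q) -> str:
    """Classify a received DH public value; only "ok" may be used."""
    # Range test: rejects 0, 1, p-1 and anything not reduced mod p.
    # 1 and p-1 have order 1 and 2, so the result would be predictable.
    if not 1 < value < p - 1:
        return "out of range"
    # Subgroup test: the value must have order q, otherwise the shared
    # secret depends on the reused private key modulo a small factor.
    if pow(value, q, p) != 1:
        return "wrong subgroup"
    return "ok"


class Responder:
    """Holds one private y and reuses it (and g^y) across exchanges."""

    def __init__(self, private: int):
        self._y = private
        self.public = pow(G, private, P)   # cached g^y

    def shared_secret(self, peer_public: int) -> int:
        verdict = check_peer_public(peer_public)
        if verdict != "ok":
            # Refuse before the private key is ever combined with it.
            raise ValueError(f"rejected peer public value: {verdict}")
        return pow(peer_public, self._y, P)


if __name__ == "__main__":
    responder = Responder(private=777)
    honest = pow(G, 123, P)                      # peer with private x = 123
    print(responder.shared_secret(honest) == pow(responder.public, 123, P))
    for bad in (0, 1, P - 1, P + 4, P - 4):      # P-4 is a non-residue
        print(bad, check_peer_public(bad))
```
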
