On Wed, Nov 04, 2015 at 06:56:15AM -0500, Watson Ladd wrote: > On Wed, Nov 4, 2015 at 6:34 AM, Ilari Liusvaara > <[email protected]> wrote: > > > > X25519 and X448 specifications say zero keys MUST be rejected (and > > the functions are also internally specified to clear the cofactor). > > The language used in the current draft doesn't clearly say you must > use the definition in CFRG curves which does this with cofactor > business, and in fact doesn't include the string X25519.
I made PR #16 about this (renamed the functions and added the zero checks). -Ilari _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
