-
Placeholder for KeePass Database (KDBX) standard discussion. This post will be edited to include a list of features and upgrades we would like to bring to Dominik for consideration in the next KDBX fo…
-
The view of some IRTF and IAB members is that the use of "IETF" as a collective term should be avoided. This recognises that it is used as such in the existing statement but that practice should be conti…
-
When using a file provider for authentication, the salt is not encoded in base64. This is an issue with the Authelia code base - the crypt library expects either a base64-encoded salt as input, or an e…
-
Currently a DID document supports expressing cryptographic material and how that cryptographic material is authorized such as to validate assertions or authenticate as acting on behalf of the DID subj…
-
As pointed out by David Benjamin, Step 6 of expand_message_xmd is not injective! Here are two inputs that will produce the same output (b_0 = H(Z_pad + [0, 16, 0, 4, 0, 16, 0, 0])):
expand_message…
-
In some parts, examples use branching statements instead of cmov-like instructions. Examples of this are in the hacspec code: https://github.com/chris-wood/draft-irtf-cfrg-hash-to-curve/blob/master/dr…
-
This is about this comment: https://github.com/chris-wood/draft-irtf-cfrg-hash-to-curve/issues/79#issuecomment-473659903
@mmaker
@AnitaDurr
-
@chris-wood suggested:
> Should we generalize the Montgomery->Edwards point conversion function? (I would have benefited from such a function being written in cleartext *somewhere* earlier this yea…
-
We should modify the OPRF_Finalize procedure to run:
```
dk = H_2(lbl, x .. N)
y = H_2(dk, aux)
```
where aux is arbitrary auxiliary data that is also stored by the client. This is closer to …
-
We should add a section that discusses the OPRF API that should be used when using OPRFs as part of another protocol. We should present both descriptions and suggestions around how the functionality s…