chris-wood
commented
1 year ago This is an oversight. I suppose one could assume the pseudocode implicitly rejects zero-length tags, but it doesn't hurt to add that to be explicit. We should do this.
Open davidben opened 1 year ago
chris-wood
commented
1 year ago This is an oversight. I suppose one could assume the pseudocode implicitly rejects zero-length tags, but it doesn't hurt to add that to be explicit. We should do this.
kwantam
commented
1 year ago Agreed! Thanks @davidben for spotting this.
davidben
commented
11 months ago Whoops, looks like this might have slipped through.
kwantam
commented
11 months ago Argh. I'm very sorry about this.
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/264 added some text to 3.1:
However, it did not update any of the actual procedures, notably
expand_message_xmd, leaving the text inconsistent. Was the intention that implementations reject empty DST values, or not? If yes, the actual procedures should be updated. If no, I'm not sure what that text is meant to prescribe... just instructions for callers but the underlying function tolerates zero length?