cose-wg / cose-issues

COSE Working Group Issues

CFRG document for Curve25519 and Goldilocks has odd shared secret issue #9

Closed jimsch closed 8 years ago

jimsch commented 9 years ago

The current document has the sentence:

"Alice and Bob can then use a key-derivation function that includes K, K_A and K_B to derive a key."

We need to make a decision if this is necessary or if we can just hash K instead. The reason given was an attack where either K_A or K_B was set to all zeros by a MITM to force the generated key K to all zeros. The check of K not being all zeros should protect against this attack without needing to include K_A and K_B in the result.

Among other things, we should track TLS.

Note that these curves may not make the cut for the current document.
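The all-zero check discussed in the comment above, as an added example that is not part of the original issue or the CFRG draft: a pure-Python X25519 following the RFC 7748 ladder, a wrapper that rejects an all-zero K, and the two derivation options being weighed. SHA-256 stands in for the unspecified key-derivation function, and the function names and key material are constructed for illustration.

```python
import hashlib

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (illustrative only; not constant-time)."""
    s = bytearray(k)
    s[0] &= 248           # clamp the scalar: result is a multiple of 8,
    s[31] &= 127          # which maps every low-order input to the
    s[31] |= 64           # all-zero output
    k_int = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        kt = (k_int >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def shared_secret(priv: bytes, peer_pub: bytes) -> bytes:
    """Compute K and apply the 'K is not all zeros' check from the issue."""
    k = x25519(priv, peer_pub)
    if k == bytes(32):
        raise ValueError("all-zero shared secret: peer public key rejected")
    return k

def kdf_hash_k(k: bytes) -> bytes:
    """Option under discussion: derive the key from K alone."""
    return hashlib.sha256(k).digest()

def kdf_bound(k: bytes, k_a: bytes, k_b: bytes) -> bytes:
    """Draft wording: derive the key from K, K_A and K_B together."""
    return hashlib.sha256(k + k_a + k_b).digest()

# Constructed key material, for illustration only.
ALICE_PRIV = hashlib.sha256(b"constructed alice key").digest()
BOB_PRIV = hashlib.sha256(b"constructed bob key").digest()
K_A, K_B = x25519(ALICE_PRIV, BASE), x25519(BOB_PRIV, BASE)
```

With the check in `shared_secret`, a zeroed K_A or K_B raises before either derivation function is reached.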

jimsch commented 8 years ago

We have moved these algorithms to the secondary algorithm document. We are not going to change how the secret is created for the NIST versions of the ECDH algorithms.

jimsch commented 8 years ago

Given that we are not an online protocol, this has not been done. This is the same decision as was made for the JOSE version of the same algorithm.