IETF-SSH archive


Re: draft-green-secsh-ecc-08: small correction



Damien, I'm confused about this email I just received from you.  The draft you're referring to, draft-green-secsh-ecc-08, became RFC 5656 back in December 2009.  At this point, the only ways to make changes are either through errata or through a new document that updates/obsoletes the existing document.

To respond to your individual points:

On 2010-Aug-13, at 3:29 PM, Damien Miller wrote:

> Why not drop ECMQV from the draft entirely? AFAIK it is patented,
> which is enough to stop us (OpenSSH) from implementing it. I think
> new KEX methods need a very good justification, since they represent
> a significant part of the pre-auth attack surface.

ECMQV is an optional element of RFC 5656.  We received expressions of interest for including this from some parties, and were aware of concerns like the one you raised, and as such went for making it an optional element.  

> Also on the -08 draft, shouldn't the client and server in ECDH reject
> public keys from the peer that are points at infinity? Are there
> other degenerate values to worry about?

RFC 5656 requires that all elliptic curve public keys be validated after being received, and cites the validation algorithm from Section 3.2.2 from SEC1, which for example includes rejecting the point at infinity.

Douglas
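
The public key validation discussed in the message above (SEC1 Section 3.2.2), shown for the nistp256 curve as an added example that is not part of the original message or of RFC 5656. The function names are hypothetical, only uncompressed points are accepted here, and the nQ = O check is left out because for a cofactor-1 curve such as nistp256 it is implied by the range and on-curve checks.

```python
# Validation of a received ECDH public key on nistp256, following the
# steps of SEC 1 section 3.2.2.1. Added example; names are hypothetical.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1          # field prime
A = P - 3                                          # curve coefficient a
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
FIELD_LEN = 32                                     # octets per coordinate


class InvalidPublicKey(ValueError):
    """Raised when a peer's public key fails validation."""


def validate_p256_point(blob):
    """Return (x, y) if blob is a valid uncompressed nistp256 point."""
    # Step 1: Q must not be the point at infinity, which SEC 1 encodes
    # as the single octet 0x00.
    if blob == b"\x00":
        raise InvalidPublicKey("point at infinity")
    # Assumption of this example: only the uncompressed form (0x04 || X || Y).
    if len(blob) != 1 + 2 * FIELD_LEN or blob[0] != 0x04:
        raise InvalidPublicKey("not an uncompressed point of the right length")
    x = int.from_bytes(blob[1:1 + FIELD_LEN], "big")
    y = int.from_bytes(blob[1 + FIELD_LEN:], "big")
    # Step 2: both coordinates must be field elements in [0, p - 1].
    if x >= P or y >= P:
        raise InvalidPublicKey("coordinate out of range")
    # Step 3: the point must satisfy y^2 = x^3 + ax + b (mod p).
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPublicKey("point not on curve")
    # Step 4 (nQ = O) is implied by steps 2 and 3 when the cofactor is 1.
    return x, y


def encode_uncompressed(x, y):
    """Build the 0x04 || X || Y octet string for test inputs."""
    return b"\x04" + x.to_bytes(FIELD_LEN, "big") + y.to_bytes(FIELD_LEN, "big")


def is_valid(blob):
    """Boolean wrapper: True only if every validation step passes."""
    try:
        validate_p256_point(blob)
        return True
    except InvalidPublicKey:
        return False
```

A key exchange implementation would run this check on the peer's value before computing the shared secret and abort the exchange on failure.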

