Re: deaft-gree-sedsh-ecc-08: small correction

[Nicolas Williams <Nicolas.Williams%oracle.com@localhost>]

On Fri, Sep 03, 2010 at 02:07:30PM -0400, Jeffrey Hutzelman wrote:
> --On Friday, September 03, 2010 03:59:15 PM +1200 Peter Gutmann
> <pgut001%cs.auckland.ac.nz@localhost> wrote:
> 
> >Damien Miller <djm%mindrot.org@localhost> writes:
> >
> >>Note that our implementation does not accept compressed points. I think
> >>that is was a mistake to allow these as optional in the RFC, because
> >>there is no way of recovering if one side does not accept them.
> >
> >From experience with TLS and S/MIME I don't think there's any danger of
> >anyone every using compressed points, so in practice it probably won't be
> >an issue. Still, it'd be useful to have errata for the RFC that removes
> >them or at least makes them a SHOULD NOT.
> 
> That's really not within the scope of something that can be done in
> errata. Errata can be used to point out errors in the document,
> where it is unclear or doesn't say what it was intended to say.
> They cannot be used as a means of changing an IETF consensus
> protocol with a lighter-weight process than obtaining an IETF
> consensus to make the change.  Removing support for compressed
> points or changing the requirements level that applies would require
> an update in the form of a new RFC.
> 
> That said, I've no objection to the change itself.

Or make the use of compressed points a separately negotiable feature (by
using different KEX alg names for that).

Nico
--