This is another update, clarifying the encoding issue a bit further and improving language (thank you Denis).

https://tools.ietf.org/html/draft-josefsson-ssh-curves-02

A discussion on CFRG came up recently about checking for the all-zero shared secret. Does anyone know if libssh or OpenSSH (or anyone else) performs this check? Not doing that has apparently led to real security problems. For more background, see:

http://thread.gmane.org/gmane.ietf.irtf.cfrg/6228

Thoughts on whether we should add a MUST to require checking the derived secret for the all-zero value?

/Simon