On Sat, Sep 5, 2015 at 7:07 AM, Georgi Guninski <guninski@guninski.com> wrote:
> On Sat, Sep 05, 2015 at 06:37:09AM +0000, Alfonso De Gregorio wrote:
> > (*) It would be interesting to look at the story of RFC-2631, as Bernstein, Lange, and Niederhagen did for the Dual EC standard https://projectbullrun.org/dual-ec/
>
> 2631 is on Wikipedia's page for DH.
Sure, the questions are: What is the origin of the current wording of the standard, that opens an avenue for lax checks for group parameters? Or, if, as you correctly pointed out, an implementation MAY NOT check group parameters, which entity deserves credit for it?

Interestingly, a review of revisions (using rfcdiff) shows that the current wording was introduced in draft #1 of draft-ietf-smime-x942 https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-smime-x942-01.txt. This is dated October 1998. Yet, it is still not clear if the diff is to be attributed to Rescorla, or any other contributor to this standardization effort.

Cheers,
-- Alfonso
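Added example, not part of the thread or of RFC 2631 itself: the kind of group-parameter and public-key sanity checks an implementation can run instead of trusting received DH parameters, in the style of the RFC's optional public-key validation (range check plus y^q mod p == 1, which rejects small-subgroup elements). The group p = 23, q = 11, g = 2 is a constructed toy group so the code runs offline; the check names and return conventions are this example's own.

```python
def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (deterministic below ~3.3e24, probabilistic above)."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n in bases:
        return True
    if any(n % b == 0 for b in bases):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:          # write n-1 = d * 2^r with d odd
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness that n is composite
    return True


def validate_group(p: int, q: int, g: int) -> list:
    """Return the problems found with (p, q, g); an empty list means the group passed."""
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if not is_probable_prime(q):
        problems.append("q is not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if not 1 < g < p - 1:
        problems.append("g outside [2, p-2]")
    elif pow(g, q, p) != 1:    # with q prime and g != 1 this means ord(g) != q
        problems.append("g does not generate the order-q subgroup")
    return problems


def validate_public_key(p: int, q: int, y: int) -> bool:
    """Accept y only if it is in range and lies in the order-q subgroup (y^q mod p == 1)."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1


if __name__ == "__main__":
    P, Q, G = 23, 11, 2        # constructed toy group: 23 = 2*11 + 1, 2 has order 11 mod 23
    print("group problems:", validate_group(P, Q, G))           # []
    print("y=9 (2^5 mod 23):", validate_public_key(P, Q, 9))    # True
    print("y=22 (order 2):", validate_public_key(P, Q, 22))     # False
```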