Diffie-Hellman Proof-of-Possession Algorithms
RFC 6955

Note: This ballot was opened for revision 06 and is now closed.

(Sean Turner) Yes

(Ron Bonica) No Objection

(Stewart Bryant) No Objection

(Benoît Claise) No Objection

(Wesley Eddy) No Objection

(Adrian Farrel) No Objection

(Stephen Farrell) No Objection

Comment (2013-01-22 for -06)
No email
send info
- Is floor(a,b) not an odd notation? Normally floor has only
one input. Is this used elsewhere? Why not just define
floor(x) and then use floor(a/b) as usual?

- It appears as if you have gotten OIDs from the PKIX arc
already, so the tense in the IANA section is wrong.

- I didn't check the ASN.1 modules, nor the examples.  Has
anyone?

(Brian Haberman) No Objection

(Russ Housley) (was Discuss) No Objection

Comment (2013-02-04 for -06)
No email
send info
  I think that the Introduction needs to be expanded.  First, the phrase
  "producing a POP" does not make it clear that the proof is that the
  party has possession of the private key that corresponds to the public
  key in the certificate request.  Second, in some cases, a DH key can
  be used to make a DSA signature, and an ECDH key can be used to make
  an ECDSA signature.  Such an operation would provide the POP.  Such
  an operation may not be possible if the key is stored in a hardware
  device that ensures a typed key is used only with one algorithm.

  The Introduction states:
  >
  > Given the current PKIX definitions for the public key parameters of
  > elliptic curve, the number of groups is both limited and predefined.
  > This means that the probability that the same set of parameters are
  > going to be used by the key requester and the key validator are
  > significantly higher than they are in the Diffie-Hellman case.
  >
  In Static-Static Diffie-Hellman, both parties must employ the exact
  same parameters.  In Ephemeral-Static Diffie-Hellman, the sender must
  employ the parameters from the certificate of the receiver.  Thus, it
  seems to me that DH is also reduced to a well-known set of parameters.

(Joel Jaeggli) No Objection

(Barry Leiba) No Objection

(Pete Resnick) No Objection

(Robert Sparks) No Objection

(Martin Stiemerling) No Objection