Diffie-Hellman Proof-of-Possession Algorithms
Note: This ballot was opened for revision 06 and is now closed.
(Sean Turner) Yes
(Ron Bonica) No Objection
(Stewart Bryant) No Objection
(Benoît Claise) No Objection
(Wesley Eddy) No Objection
(Adrian Farrel) No Objection
(Stephen Farrell) No Objection
Comment (2013-01-22 for -06)
- Is floor(a,b) not an odd notation? Normally floor has only one input. Is this used elsewhere? Why not just define floor(x) and then use floor(a/b) as usual? - It appears as if you have gotten OIDs from the PKIX arc already, so the tense in the IANA section is wrong. - I didn't check the ASN.1 modules, nor the examples. Has anyone?
(Brian Haberman) No Objection
(Russ Housley) (was Discuss) No Objection
Comment (2013-02-04 for -06)
I think that the Introduction needs to be expanded. First, the phrase "producing a POP" does not make it clear that the proof is that the party has possession of the private key that corresponds to the public key in the certificate request. Second, in some cases, a DH key can be used to make a DSA signature, and an ECDH key can be used to make an ECDSA signature. Such an operation would provide the POP. Such an operation may not be possible if the key is stored in a hardware device that ensures a typed key is used only with one algorithm. The Introduction states: > > Given the current PKIX definitions for the public key parameters of > elliptic curve, the number of groups is both limited and predefined. > This means that the probability that the same set of parameters are > going to be used by the key requester and the key validator are > significantly higher than they are in the Diffie-Hellman case. > In Static-Static Diffie-Hellman, both parties must employ the exact same parameters. In Ephemeral-Static Diffie-Hellman, the sender must employ the parameters from the certificate of the receiver. Thus, it seems to me that DH is also reduced to a well-known set of parameters.