Re: Remove SHOULD for elliptic curve groups in IKEv2
"Andrey Jivsov" <andrey@brainhub.org> Thu, 14 March 2002 20:54 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g2EKs6423862; Thu, 14 Mar 2002 12:54:06 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id PAA05443 Thu, 14 Mar 2002 15:06:52 -0500 (EST)
Message-ID: <048501c1cb92$b748cd70$0200a8c0@remedy>
From: Andrey Jivsov <andrey@brainhub.org>
To: "The Purple Streak (Hilarie Orman)" <ho@alum.mit.edu>, Mark Winstead <Mark.Winstead@NetOctave.com>
Cc: Chris Trobridge <CTrobridge@baltimore.com>, ipsec@lists.tislabs.com
References: <49B96FCC784BC54F9675A6B558C3464E5D0DDE@MAIL.NetOctave.com> <3C90E0EE.6020004@alum.mit.edu>
Subject: Re: Remove SHOULD for elliptic curve groups in IKEv2
Date: Thu, 14 Mar 2002 11:59:14 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-OriginalArrivalTime: 14 Mar 2002 20:01:25.0259 (UTC) FILETIME=[054C1DB0:01C1CB93]
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
> Through P1363, Certicom's intentions to patent point compression have > been public for some time. The observation that point compression > is possible has been around for some years, there are several ways to > choose the meaning of the bit that encodes the second coordinate. > It's not at all clear that IKE's method infringes Certicom's, to my > actual knowledge. >From patent 6,141,420, claim 32: 32. A method according to claim 30 wherein said algebraic curve is an elliptic curve of the form y.sup.2 +xy=x.sup.3 +ax.sup.2 +b and said other coordinate is determined by solving a quadratic equation to provide two possible values of said other coordinate, said identifying information indicating the appropriate one of said values. last bit of (y/x) would qualify for "identifying information". Many people said that this claim is invalid, but claim is there along with others (33,36,37). > I don't understand the claim about the co-factor. How is it that > you claim the computation cannot be done with it? It can be done, but if one peer uses xyc * G in place of "g^xy" then you must use it as well, after somehow guessing that the peer is using it. If xyc * G is patented, you cannot support ECC groups without patent violation. The solutions are either to disallow cofactor multiplication in the shared secret, or make sure it is not patented and then document what is the meaning of g^xy for ECC, since it is logical to assume that "g^xy" is xy * G.
- Remove SHOULD for elliptic curve groups in IKEv2 Paul Hoffman / VPNC
- RE: Remove SHOULD for elliptic curve groups in IK… Mark Winstead
- RE: Remove SHOULD for elliptic curve groups in IK… Andrew Krywaniuk
- RE: Remove SHOULD for elliptic curve groups in IK… Paul Hoffman / VPNC
- RE: Remove SHOULD for elliptic curve groups in IK… Hallam-Baker, Phillip
- Re: Remove SHOULD for elliptic curve groups in IK… Scott G. Kelly
- RE: Remove SHOULD for elliptic curve groups in IK… Paul Koning
- RE: Remove SHOULD for elliptic curve groups in IK… andrew.krywaniuk
- RE: Remove SHOULD for elliptic curve groups in IK… Khaja E. Ahmed
- RE: Remove SHOULD for elliptic curve groups in IK… Henry Spencer
- RE: Remove SHOULD for elliptic curve groups in IK… Mark Winstead
- Re: Remove SHOULD for elliptic curve groups in IK… The Purple Streak (Hilarie Orman)
- Re: Remove SHOULD for elliptic curve groups in IK… Michael Richardson
- Re: Remove SHOULD for elliptic curve groups in IK… The Purple Streak (Hilarie Orman)
- Re: Remove SHOULD for elliptic curve groups in IK… D. Hugh Redelmeier
- Re: Remove SHOULD for elliptic curve groups in IK… Eric Rescorla
- Re: Remove SHOULD for elliptic curve groups in IK… The Purple Streak (Hilarie Orman)
- Re: Remove SHOULD for elliptic curve groups in IK… Eric Rescorla
- Re: Remove SHOULD for elliptic curve groups in IK… The Purple Streak (Hilarie Orman)
- RE: Remove SHOULD for elliptic curve groups in IK… Chris Trobridge
- Re: Remove SHOULD for elliptic curve groups in IK… Paul Koning
- RE: Remove SHOULD for elliptic curve groups in IK… Hallam-Baker, Phillip
- Re: Remove SHOULD for elliptic curve groups in IK… Andrey Jivsov
- Re: Remove SHOULD for elliptic curve groups in IK… Andrey Jivsov
- RE: Remove SHOULD for elliptic curve groups in IK… Mark Winstead
- RE: Remove SHOULD for elliptic curve groups in IK… David Jablon
- RE: Remove SHOULD for elliptic curve groups in IK… Hallam-Baker, Phillip
- Re: Remove SHOULD for elliptic curve groups in IK… Scott G. Kelly
- Re: Remove SHOULD for elliptic curve groups in IK… The Purple Streak (Hilarie Orman)
- RE: Remove SHOULD for elliptic curve groups in IK… Hallam-Baker, Phillip
- Re: Remove SHOULD for elliptic curve groups in IK… Andrey Jivsov
- Re: Remove SHOULD for elliptic curve groups in IK… The Purple Streak (Hilarie Orman)
- Re: Remove SHOULD for elliptic curve groups in IK… The Purple Streak (Hilarie Orman)
- Re: Remove SHOULD for elliptic curve groups in IK… Andrey Jivsov
- Re: Remove SHOULD for elliptic curve groups in IK… Uri Blumenthal