Re: [openpgp] cv25519 scalar byte order
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 09 April 2018 18:51 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FD35127876 for <openpgp@ietfa.amsl.com>; Mon, 9 Apr 2018 11:51:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ksbL849o0xK3 for <openpgp@ietfa.amsl.com>; Mon, 9 Apr 2018 11:51:10 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF8731273B1 for <openpgp@ietf.org>; Mon, 9 Apr 2018 11:51:09 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 05D2DF99A; Mon, 9 Apr 2018 14:51:06 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 0F90820415; Mon, 9 Apr 2018 14:51:04 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Werner Koch <wk@gnupg.org>, IETF OpenPGP <openpgp@ietf.org>
Cc: NIIBE Yutaka <gniibe@fsij.org>, gnupg-devel@gnupg.org, Vincent Breitmoser <look@my.amazin.horse>
In-Reply-To: <87woxgtj6m.fsf@wheatstone.g10code.de>
References: <20180211120549.GA23215@calamity> <87o9ktxdbz.fsf@wheatstone.g10code.de> <20180213220358.GA31022@calamity> <87r2pop9sz.fsf@iwagami.gniibe.org> <878tbw5f2b.fsf@fsij.org> <87po51oy7l.fsf@wheatstone.g10code.de> <87bmglkkvs.fsf@fifthhorseman.net> <87woxgtj6m.fsf@wheatstone.g10code.de>
Mail-Followup-To: IETF OpenPGP <openpgp@ietf.org>
Date: Mon, 09 Apr 2018 14:51:03 -0400
Message-ID: <87lgdwxlgo.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/VT5Pg4KEX5rCaZnRadQek0Z7oNQ>
Subject: Re: [openpgp] cv25519 scalar byte order
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Apr 2018 18:51:12 -0000
Over in https://lists.gnupg.org/pipermail/gnupg-devel/2018-February/033437.html, a discussion was started about scalar byte order for OpenPGP curve 25519 keys: On Mon 2018-04-09 18:53:53 +0200, Werner Koch wrote: > On Mon, 19 Feb 2018 17:24, dkg@fifthhorseman.net said: > [ gniibe wrote: ] >>> That would be incorrect. The prefix (e.g. 0x40) indicates a _point_ >>> format and not the format of a scalar. Thus skey[3] MAY not have this >>> prefix. >> >> what does this "MAY NOT" mean? if this is an attempt at RFC 2119 >> language, i don't understand it. Do you mean "MUST NOT" ? > > I was thinking SHOULD NOT but indeed it MUST be MUST NOT. > >> What steps are needed to clarify the documentation here so that we can >> have interoperable implementations? > > I can't remember an open issue regaring this in the WG. Should be > handled there anyway, I'm moving this discussion to the WG :) --dkg
- Re: [openpgp] cv25519 scalar byte order Daniel Kahn Gillmor