[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

text contribution



> To: David A Wagner <daw@CS.Berkeley.EDU>
> From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
>    I propose a simple compromise: document the assumptions.
>
> I was thinking the same thing..
>
>    Since Bill keeps asking for text contributions, here's one:
>
Thank you, David and Bill, for sensible suggestions.

Of course, this is generally true of every encryption and authentication
algorithm -- it should not leak its key.  We could repeat this text in
virtually every part of the draft, and in every other security document
as well.  Hopefully, you are not proposing such silliness.

Although it is restating the obvious, at your request I have added
something of the sort in the Security Considerations section:

    In general, where the shared-secret or session-keys are involved
    in any calculation, the algorithms selected should not reveal
    information about the secret, either directly or indirectly.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2