cv25519 scalar byte order
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Apr 9 20:51:03 CEST 2018
Over in
https://lists.gnupg.org/pipermail/gnupg-devel/2018-February/033437.html,
a discussion was started about scalar byte order for OpenPGP curve 25519
keys:
On Mon 2018-04-09 18:53:53 +0200, Werner Koch wrote:
> On Mon, 19 Feb 2018 17:24, dkg at fifthhorseman.net said:
> [ gniibe wrote: ]
>>> That would be incorrect. The prefix (e.g. 0x40) indicates a _point_
>>> format and not the format of a scalar. Thus skey[3] MAY not have this
>>> prefix.
>>
>> what does this "MAY NOT" mean? if this is an attempt at RFC 2119
>> language, i don't understand it. Do you mean "MUST NOT" ?
>
> I was thinking SHOULD NOT but indeed it MUST be MUST NOT.
>
>> What steps are needed to clarify the documentation here so that we can
>> have interoperable implementations?
>
> I can't remember an open issue regaring this in the WG. Should be
> handled there anyway,
I'm moving this discussion to the WG :)
--dkg
More information about the Gnupg-devel
mailing list