diff options
author | Nick Mathewson <nickm@torproject.org> | 2012-12-13 11:45:27 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-12-13 11:45:27 -0500 |
commit | feaa2da97b8c3871fe9aa609498fc5f73de8b30d (patch) | |
tree | c72c15fc885a300921f2b231fc5c93a1da65d051 | |
parent | 102418a56b4961a8a815c6135e06fc3149b5a46c (diff) | |
download | torspec-feaa2da97b8c3871fe9aa609498fc5f73de8b30d.tar.gz torspec-feaa2da97b8c3871fe9aa609498fc5f73de8b30d.zip |
Clarify the point-at-infinity check we actually used.
-rw-r--r-- | proposals/216-ntor-handshake.txt | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/proposals/216-ntor-handshake.txt b/proposals/216-ntor-handshake.txt index cb36ea1..fe727b1 100644 --- a/proposals/216-ntor-handshake.txt +++ b/proposals/216-ntor-handshake.txt @@ -91,8 +91,9 @@ Protocol: The client verifies that AUTH == H(auth_input, t_mac). - [NOTE: It may be adequate to check that EXP(Y,x) is not the point at - infinity. See tor-dev thread.] + Both parties check that none of the EXP() operations produced the point at + infinity. [NOTE: This is an adequate replacement for checking Y for group + membership, if the group is curve25519.] Both parties now have a shared value for KEY_SEED. They expand this into the keys needed for the Tor relay protocol. |