Paul Hoffman wrote:

> >2) For IKEv1/IKEv2, the document should explicitly specify how
> >ECC points are converted to octet strings (for KE payloads
> >and resulting shared secret value). Currently, there are at
> >least three incompatible options (RFC 4753, RFC 2409, and
> >draft-ietf-ipsec-ike-ecc-groups-10 drafts). I'd suggest just
> >saying "the same way as in RFC 4753".
>
> This bodes really poorly for interoperability.
> draft-lepinski-dh-groups needs to be revised to specify one of the
> methods, and that needs to be discussed on the IPsec mailing list.
> I would not assume that implementers would prefer RFC 4753 over
> draft-ietf-ipsec-ike-ecc-groups.

I suggested "the same way as in RFC 4753" not because I particularly
prefer that point-to-octet-string conversion method, but because
I would prefer not having three different methods (two is bad enough).

(Note that the current ecc-groups-10 draft actually tries to modify
the definitions of groups 19/20/21 from RFC 4753: it reuses the same
numbers but with a different point-to-octet-string conversion method.)

Best regards,
Pasi