Doug:
Other ECC documents in the IETF (TLS, SMIME, PKIX) indicate that
support for compressed keys are MAY while this draft says MUST NOT
for ECDSA and ECDH keys and MAY for ECMQV. What was the rationale
for this?
Simplicity. In my opinion, compressed keys provide little benefit in
practice. Certainly for ECDH there's no reason to use them. I would
be willing to consider it as a MAY for ECDSA so that signing public
keys can be reused between standards.
I understand the desire for simplicity, but if someone has a
certificate where point compression was used, do we want to have it
rejected? It seems like alignment with the other specifications
offers better interoperability, right?
Russ
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf