You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Another, somewhat orthogonal question, is whether we want to check for this during key import already, rather than during signature verification and key derivation, respectively. This would involve checking the public key against a hardcoded list of known values and rejecting it if it matches. For EdDSA, this would be necessary, anyway - but for key derivation it's slightly more complicated than just checking the derived key. We could add the list of public keys to an appendix of the spec, though, to make this easier to implement.
The text was updated successfully, but these errors were encountered:
The current draft mandates checking for small order elements in X25519 and X448, but not yet in Ed25519 and Ed448. We should probably add this, as per tQsW/webcrypto-curve25519#5, mozilla/standards-positions#271 (comment) and mozilla/standards-positions#271 (comment). I'll try to come up with some text for that.
Another, somewhat orthogonal question, is whether we want to check for this during key import already, rather than during signature verification and key derivation, respectively. This would involve checking the public key against a hardcoded list of known values and rejecting it if it matches. For EdDSA, this would be necessary, anyway - but for key derivation it's slightly more complicated than just checking the derived key. We could add the list of public keys to an appendix of the spec, though, to make this easier to implement.
The text was updated successfully, but these errors were encountered: