Correct. This is what I referred to as "the debate in the IETF", since
there is not clear consensus on the approaches this document has taken.
The fact that multiple interpretations exist, and have led to this
incongruity, is proof of the issues. Which is not to say that they are not
all eminently solvable, but the draft makes decisions that violate the
"common sense" approach, and that highlights all the more reason for a very
tightly worded, very explicit specification within Web Crypto.

On Sat, Jul 26, 2014 at 7:55 AM, Salz, Rich <rsalz@akamai.com> wrote:
> In response to some of the comments in the bugzilla entry about lack of
> documentation, I’ll point out that there is an existing I-D:
>
> http://tools.ietf.org/html/draft-josefsson-tls-curve25519-05
>
> Some people had concern that this referred to external papers for
> implementation details. In order to address those concerns, a new I-D on
> using Curve25519 will be submitted shortly; we just didn’t get it out in
> time before the IETF meeting that just happened.
>
> /r$, co-author thereof
>
> --
> Principal Security Engineer
> Akamai Technologies, Cambridge, MA
> IM: rsalz@jabber.me; Twitter: RichSalz