Title: Security - Add warning concerning the use of invalid keys by the secret value derivation primitive
PDR Reference:                M2080006
Originator Reference:         PDR-SV8-4
SARPs Document Reference:     Sub-Volume VIII, edition 3
Status:                       PROPOSED
Impact:                       C
PDR Revision Date:            22 Oct 2002 (Updated at Proposed)
			      02 Oct 2002 (Proposed)
			      23 Sep 2002 (Accepted)
PDR Submission Date:          24 Aug 2002 (Submitted)
Submitting State/Organization:     FAA
Submitting Author Name:       Simon Blake-Wilson
Submitting Author E-mail Address: sblakewilson@bcisse.com Submitting Author Supplemental
Contact Information:          +1-416-214-5961
SARPs Date:                   Doc 9705 Edition 3
SARPs Language:               English

Summary of Defect:

SV8 does not currently address the security risk associated with executing the ATN secret value derivation 
primitive using an invalid public key. Propose to add a note highlighting the issue.

Assigned SME:  Sub-Volume VIII SME

Proposed SARPs amendment:

1/ 8.5.4.3.1: Add a note below the clause reading:

"Note.- There are potentially security issues if an entity combines their private key using the ASVDP 
 mechanism with a supposed public key Q_{s,V} which is in fact not a point on the elliptic curve, or 
 which is a point on the elliptic curve which does not have order n. There are various mechanisms that 
 mitigate against this concern. For example, implementations may check that the supposed public key
 satisfies both that the arithmetic properties of a point on the associated elliptic curve and that 
 nQ=O. How an implementation chooses to handle this issue is considered a local matter."

Impact on interoperability: None.

Validation status:  Thorough inspection should be sufficient.

SME Recommendation to CCB: Progressed to RESOLVED at next CCB meeting.

CCB Decision: