Hi all,
Most onion service users expect that there is only one valid onion address for their private key. (For example, one address is listed in SSL certificates.)
I spoke with Ian, and he said that as part of validating the onion address, we should check if it is a valid point.
He said we need to multiply the point by L, and make sure there's no torsion component (that is, that the result is the identity).
This avoids the complexity of choosing a canonical point using some lexicographic order, or the complexity of using something like decaf.
(Hopefully, Ian will write back if I transcribed things incorrectly.)
T -- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------