Dave Mercer

icon company Google LLC icon location Seattle, WA icon location Steff Security Engineer at Google

Results 4 comments of Dave Mercer

Unable to express all security conditions for key usage.

I dontb think that this works for something like key 9B which is ```always``` for contact and ```never``` for contactless, VCI or no.

Card should check the presented public key to ensure that it is on the proper curve prior to ECDH

Further to the exploit I talk about this is from @sophieschmieg: "_The attack is usually called a point-not-on-curve attack (very good name). The basic idea behind it is that the...

Card should check the presented public key to ensure that it is on the proper curve prior to ECDH

I spoke directly with NIST about this and they agree that the attack is possible but that Federal Government 140-3 certified cards are not vulnerable because the cryptographic modules they...

OCC ambiguity and missing functionality in ASN.1 schema

2 seems to be the most elegant. 1 is better for back compat