Subject: CKD_NULL

Hi Bob,
I missed the first part of that discussion.  Was that an question that came in through the mailing lists?  Or a question that came to you directly through RedHad?
It came directly I've been meaning to post the question to the mailing list and never got to it.

I had to go back through some old emails... but there is the BSI-TR-0311 standard which does define ECDH where both X and Y coordinates are returned from the ECDH primitive, and where it does appear to use the X and Y  coordinates as input to the KDF.

We (Safenet) were asked about our compliance with TR-0311, and I pointed out that our products only return X, but I never got any more response from them on this topic.

Not sure if this is of any interest to you or not.
Hmm it is. I was thinking of which way to go post 3.0 to get what we need:
1) a new KDF that returns X and Y.
2) a new mechanism that returns X and Y.
3) full set of mechanisms needed to support McCallum/Relyea.

This input leads me to to think 1 and 2 would be viable options.

