From f8e4bdfbaf1bdda634e45a81347fe09f96e3e676 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Tue, 2 Jun 2020 17:31:15 -0400
Subject: [PATCH] credit David Wong

---
 proposals/xxxx-sas-v2.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/proposals/xxxx-sas-v2.md b/proposals/xxxx-sas-v2.md
index e4e4e320..d9d37471 100644
--- a/proposals/xxxx-sas-v2.md
+++ b/proposals/xxxx-sas-v2.md
@@ -11,6 +11,9 @@ generation of the SAS string by including it in the info parameter of the HKDF.
 Thus if an attacker sends them different public keys, the info parameters will
 be different, and so the key generated by the HKDF will be different.
 
+Thanks to [David Wong](https://twitter.com/cryptodavidw) for identifying the
+issue, disclosing responsibly, and for helping to design the fix.
+
 ## Proposal
 
 A new `key_agreement_protocol`, `curve25519-hkdf-sha256` is introduced, and