IETF-SSH archive


Re: SSH in ECC Internet Draft



On Tue, Oct 10, 2006 at 01:01:51PM -0400, Jon Green wrote:
> On Tue, 2006-10-10 at 11:17 -0500, Nicolas Williams wrote:
> > The draft defines one ASN.1 type ('curves', a SEQUENCE of OIDs) where
> > existing SSHv2 constructs could be used instead.  The draft's other uses
> > of ASN.1/DER do not require an implementation of SSHv2 to implement
> > ASN.1/DER outside ECC libraries, but this one type does.
> 
> I don't think that we can just remove curves and send a name-list of
> OIDs.

Sure you can.

>       Encoding and parsing an ASN.1 sequence is easier than encoding and
> parsing a ssh namelist full of octet strings.

Nonsense.

If you're implementing this I-D then you are already implementing SSHv2
and you already have code for encoding/decoding SSHv2-style
lists/arrays.

But the reverse is not true!

If you're using ECC libraries off-the-shelf and adding this to an SSHv2
implementation then it's not the case that you necessarily have the code
to encode/decode ASN.1/DER SEQUENCEs.

> So everyone is familiar with what an asn.1 sequence looks like:

I am, but you cannot assume that SSHv2 implementors in general are.

> The first problem with putting OIDs in name-lists is that one of the
> octets in the OID octet string may be 0x2C (ascii comma) which delimits
> the list, so the OIDs will have to be encoded somehow before being put
> into a standard namelist, or there has to be a new type of list
> defined.

You misunderstand SSHv2 list/array encoding.

Nico
-- 
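The encoding question argued above, as an added illustration that is not part of the thread or of the draft: a DER SEQUENCE OF OBJECT IDENTIFIER beside an SSHv2-style array built from RFC 4251 `string` values (uint32 length prefix plus raw octets). The array layout used here (a uint32 count followed by one `string` per OID) is an assumption chosen to show the point, not the draft's wire format. The OID `1.2.44` is a constructed example whose DER contains 0x2C; the only place a comma matters is an RFC 4251 `name-list`, which a length-prefixed `string` never consults.

```python
"""Added example (not from the draft or the thread): DER SEQUENCE of OIDs
versus an assumed SSHv2-style array of length-prefixed 'string' values."""
import struct

PRIME256V1 = "1.2.840.10045.3.1.7"   # real OID for the P-256 curve
COMMA_OID = "1.2.44"                  # constructed OID whose DER contains 0x2C


def der_length(n: int) -> bytes:
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(enc)]) + enc


def read_der_length(buf: bytes, pos: int):
    """Return (length, position after the length octets)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def oid_to_der(oid: str) -> bytes:
    """Encode a dotted OID as tag 0x06, length, base-128 arcs (first two arcs packed)."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return b"\x06" + der_length(len(body)) + bytes(body)


def der_to_oid(der: bytes) -> str:
    """Decode one DER OBJECT IDENTIFIER back to dotted form."""
    if der[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    n, pos = read_der_length(der, 1)
    body = der[pos:pos + n]
    # first octet packs arcs 0 and 1; valid here because arc 1 < 40 for arcs 0 and 1
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def der_sequence_of_oids(oids) -> bytes:
    """SEQUENCE (tag 0x30) of DER OIDs: the draft's 'curves' style of encoding."""
    body = b"".join(oid_to_der(o) for o in oids)
    return b"\x30" + der_length(len(body)) + body


def parse_der_sequence_of_oids(buf: bytes):
    if buf[0] != 0x30:
        raise ValueError("not a SEQUENCE")
    n, pos = read_der_length(buf, 1)
    end, oids = pos + n, []
    while pos < end:
        ln, after = read_der_length(buf, pos + 1)
        oids.append(der_to_oid(buf[pos:after + ln]))
        pos = after + ln
    return oids


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by arbitrary octets."""
    return struct.pack(">I", len(data)) + data


def ssh_string_array(items) -> bytes:
    """Assumed SSHv2-style array: uint32 count, then one 'string' per item."""
    return struct.pack(">I", len(items)) + b"".join(ssh_string(i) for i in items)


def parse_ssh_string_array(buf: bytes):
    """Parse by lengths only; an embedded 0x2C is just another octet."""
    (count,) = struct.unpack_from(">I", buf, 0)
    pos, items = 4, []
    for _ in range(count):
        (n,) = struct.unpack_from(">I", buf, pos)
        pos += 4
        items.append(buf[pos:pos + n])
        pos += n
    if pos != len(buf):
        raise ValueError("trailing octets after array")
    return items


def naive_name_list_count(items) -> int:
    """Element count a receiver would see if raw DER OIDs were joined into a
    comma-delimited name-list: wrong whenever an item contains 0x2C."""
    return len(b",".join(items).split(b","))
```

Running the two encoders over `[COMMA_OID, PRIME256V1]` gives a 26-octet SSHv2-style array that parses back to exactly two items, and a DER SEQUENCE that decodes to the same two OIDs; only the comma-delimited name-list miscounts, which is the case the thread is discussing.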
