Re: New version: draft-green-secsh-ecc-06

To: djm%mindrot.org@localhost, douglas%stebila.ca@localhost
Subject: Re: New version: draft-green-secsh-ecc-06
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Tue, 14 Apr 2009 17:25:36 +1200

Damien Miller <djm%mindrot.org@localhost> writes:

>I have to say that I really dislike the Base64(MD5(DER(OID))) encoding of
>curve names into the kex method names. Why not just use the SEC names?

Oh, so it wasn't just me :-).  My reaction to seeing this was "did someone
lose a bet or something...".

>Actually, why bake the names into the kex names at all? (as opposed to
>sending a curve spec as a parameter).

This is another case where SSH really needs an extension mechanism like TLS.
In TLS the curve parameters and point formats are negotiated via extensions.

Having said that, in practice everyone (well, among TLS implementors) has 
settled on a small number of popular curves and that's it (which is quite 
convenient, you don't even have to worry about extensions, just go with P256 
and everything'll support it).  I'd define a few fixed names for the 
well-known curves that everyone ends up using (the NIST ones, basically) and 
leave the strange stuff to the usual name@vendor-name mechanism, which is 
exactly what it was meant for.

Peter.

Follow-Ups:
- Re: New version: draft-green-secsh-ecc-06
  - From: Douglas Stebila

References:
- Re: New version: draft-green-secsh-ecc-06
  - From: Damien Miller

Prev by Date: Re: New version: draft-green-secsh-ecc-06
Next by Date: Re: New version: draft-green-secsh-ecc-06
Previous by Thread: Re: New version: draft-green-secsh-ecc-06
Next by Thread: Re: New version: draft-green-secsh-ecc-06
Indexes:

Home | Main Index | Thread Index | Old Index