RE: New version of rsa-sha2-512 draft posted: no more DSA

[Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>]

Niels Möller <nisse%lysator.liu.se@localhost> writes:

>I think we should try our best to have the set of REQUIRED algorithms make
>sense on constrained embedded systems.

I've never really noticed any problem with the current set, typically time
isn't a big issue (as in, if ops take a few seconds then you just have to
accept that), the main one is memory use.  That is, users don't see it as a
big issue, there are always some requests about whether it can be made a bit
faster, but compatibility requirements with deployed code/devices almost
always outweigh that.

That's what a profile would have aimed at, a single well-defined set of
algorithms and mechanisms so you don't need to support every option available.
I actually had a go at this a while back:

https://www.cs.auckland.ac.nz/~pgut001/pubs/simplessh.txt

based on what I'd experienced in embedded environments.  The constraints
weren't the crypto used, it was cutting out the huge amount of unnecessary
(for the way it's used in embedded) complexity in the protocol.

>A few years ago I ported dropbear to a proprietary and pretty slow embedded
>device, with only 8-bit arithmetic hardware. 

You got SSH working on an 8-bit CPU?  How?

Peter.