IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RE: Curve25519/448 key agreement for SSH
Simon, Aris -
thank you for this work. I plan to be implementing this soon, and I appreciate that you're moving ahead with standardization.
With respect to conversion of the binary string X into mpint K, is there a chance that X might have its high bit set?
If it's possible for the high bit to be set, it seems you ought to clarify how that's converted into mpint, given that mpint is signed:
https://www.ietf.org/rfc/rfc4251.txt
Represents multiple precision integers in two's complement format,
stored as a string, 8 bits per byte, MSB first. Negative numbers
have the value 1 as the most significant bit of the first byte of
the data partition. If the most significant bit would be set for
a positive number, the number MUST be preceded by a zero byte.
Besides that, I'm noticing the language could use improvement in places ("this document re-use" -> "this document reuses", "is is" -> "is").
Overall, thank you for moving forward with this, though.
----- Original Message -----
From: Simon Josefsson
Sent: Monday, November 9, 2015 09:07
To: ietf-ssh%netbsd.org@localhost
Subject: Curve25519/448 key agreement for SSH
Aris and me have prepared a document describing key agreement using the
CFRG curves for Secure Shell. As you know, curve25519-sha256%libssh.org@localhost
is already implemented by libssh, OpenSSH, Dropbear, and some others.
This is about putting the description of that into IETF format, and to
add the Curve448 hedge variant chosen by CFRG. It might not be detailed
enough for independent implementation, but we hope to get there. Any
review and feedback is welcome.
https://tools.ietf.org/html/draft-josefsson-ssh-curves
/Simon
PS. There is https://tools.ietf.org/html/draft-bjh21-ssh-ed25519 but
that talks about Ed25519 signatures. The document above is about key
agreement.
Home |
Main Index |
Thread Index |
Old Index