IETF-SSH archive


Re: Curve25519/448 key agreement for SSH



James,

this reads like an ideological pamphlet from someone triggered by the wrong hot button words. It seems you're unfamiliar with details.

No one is exchanging 25519 or 448 keys as anything but fixed-length strings. The mpint encoding of the shared secret isn't sent on the wire. It is involved strictly in the SSH parties' private calculation of the exchange hash.


----- Original Message -----
From: James Cloos
Sent: Monday, November 16, 2015 11:32
To: ietf-ssh%NetBSD.org@localhost
Subject: Re: Curve25519/448 key agreement for SSH

Given that one of the design goals of the modern curves is to exchange
the public data as opaque bit strings, the protocol should not use
anything like a mpint to exchange the keys but instead should exchange
them as the opaque bit strings they are.

How the crypto primitives use them is irrelevant to how they should be
exchanged.

Every 25519 public key should be exactly 32 octets and every goldilocks
public key should be exactly 60 octets.  Full stop.

-JimC
--
James Cloos <cloos%jhcloos.com@localhost>         OpenPGP: 0x997A9F17ED7DAEA6
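
Added example, not part of the original messages: the two RFC 4251 encodings discussed in this thread, showing that a 32-octet public key sent as a string always has the same length, while the mpint form used for the shared secret in the exchange hash varies in length. It assumes the raw shared secret is read as an unsigned big-endian integer; the function names and sample values are constructed for illustration.

```python
import struct

X25519_LEN = 32  # octets in an X25519 public key and raw shared secret

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length, then the octets unchanged."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(raw: bytes) -> bytes:
    """RFC 4251 'mpint' of a non-negative integer given as big-endian octets.

    Leading zero octets are dropped; a single 0x00 is prepended when the top
    bit is set so the value is not read as negative. Zero has an empty body.
    """
    body = raw.lstrip(b"\x00")
    if body and body[0] & 0x80:
        body = b"\x00" + body
    return struct.pack(">I", len(body)) + body

def parse_public_key(blob: bytes, expected_len: int = X25519_LEN) -> bytes:
    """Receiver-side check: the key must be a string of exactly expected_len octets."""
    if len(blob) < 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[:4])
    if n != expected_len or len(blob) != 4 + n:
        raise ValueError(f"public key must be exactly {expected_len} octets, got {n}")
    return blob[4:]

def encoded_lengths() -> dict:
    """Encoded sizes for constructed sample values (not real key material)."""
    samples = {
        "top bit set": b"\x80" + b"\x11" * 31,
        "ordinary": b"\x7f" + b"\x11" * 31,
        "leading zero": b"\x00\x7f" + b"\x11" * 30,
    }
    return {name: (len(ssh_string(v)), len(ssh_mpint(v))) for name, v in samples.items()}

if __name__ == "__main__":
    for name, (as_string, as_mpint) in encoded_lengths().items():
        print(f"{name:13s} string={as_string} octets  mpint={as_mpint} octets")
```

Both peers must apply the same mpint rules to the shared secret, otherwise their exchange hashes differ and the key exchange fails.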


