Re: Curve25519/448 key agreement for SSH

To: James Cloos <cloos%jhcloos.com@localhost>
Subject: Re: Curve25519/448 key agreement for SSH
From: denis bider <ietf-ssh3%denisbider.com@localhost>
Date: Tue, 17 Nov 2015 01:03:37 +0000

James,

this reads like an ideological pamphlet from someone triggered by the wrong hot button words. It seems you're unfamiliar with details.

No one is exchanging 25519 or 448 keys as anything but fixed-length strings. The mpint encoding of the shared secret isn't sent on the wire. It is involved strictly in the SSH parties' private calculation of the exchange hash.

----- Original Message -----
From: James Cloos
Sent: Monday, November 16, 2015 11:32
To: ietf-ssh%NetBSD.org@localhost
Subject: Re: Curve25519/448 key agreement for SSH

Given that one of the design goals of the modern curves is to exchange
the public data as opaque bit strings, the protocol should not use
anything like a mpint to exchange the keys but instead should exchange
them as the opaque bit strings they are.

How the crypto primitives use them is irrelevant to how they should be
exchanged.

Every 25519 public key should be exactly 32 octets and every goldilocks
public key should be exactly 60 octets. Full stop.

-JimC
--
James Cloos <cloos%jhcloos.com@localhost> OpenPGP: 0x997A9F17ED7DAEA6

Prev by Date: Re: Curve25519/448 key agreement for SSH
Next by Date: Re: Curve25519/448 key agreement for SSH
Previous by Thread: Re: Curve25519/448 key agreement for SSH
Next by Thread: Re: Curve25519/448 key agreement for SSH
Indexes:

Home | Main Index | Thread Index | Old Index