Re: Curve25519/448 key agreement for SSH

To: Niels Möller <nisse%lysator.liu.se@localhost>
Subject: Re: Curve25519/448 key agreement for SSH
From: Matt Johnston <matt%ucc.asn.au@localhost>
Date: Wed, 18 Nov 2015 22:05:44 +0800

On Tue, Nov 17, 2015 at 04:26:57PM +0100, Niels Möller wrote:
> denis bider <ietf-ssh3%denisbider.com@localhost> writes:
> 
> > Overall, though, it seems to be a bikeshed issue - it doesn't really matter either way.
> 
> I'd really like to hear more opinions.

Dropbear implements curve25519-sha256%libssh.org@localhost. My 2c is
to stick with K as an mpint just to avoid unnecessary
change/confusion with RFC 4253 (7.2, deriving keys) and 5656. 
In terms of implementation a fixed 32 byte string would have
been simpler, but not worth changing. 

A small thing, 'k' in draft-josefsson-ssh-curves-01 should
probably be upper case? 

Is it worth keeping the "Verify that client public key length is 32 bytes" (or 56)
text of curve25519-sha256%libssh.org.txt@localhost ?

Cheers,
Matt

https://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256%libssh.org.txt@localhost

Follow-Ups:
- Re: Curve25519/448 key agreement for SSH
  - From: Simon Josefsson

References:
- Re: Curve25519/448 key agreement for SSH
  - From: denis bider
- Re: Curve25519/448 key agreement for SSH
  - From: Niels Möller

Prev by Date: Fwd: [saag] potential new wg - curdle...
Next by Date: Re: [saag] potential new wg - curdle...
Previous by Thread: Re: Curve25519/448 key agreement for SSH
Next by Thread: Re: Curve25519/448 key agreement for SSH
Indexes:

Home | Main Index | Thread Index | Old Index