Re: Curve25519/448 key agreement for SSH

To: Simon Josefsson <simon%josefsson.org@localhost>
Subject: Re: Curve25519/448 key agreement for SSH
From: denis bider <ietf-ssh3%denisbider.com@localhost>
Date: Wed, 25 Nov 2015 23:21:07 +0000

What do you find ambiguous about the definition of mpint in RFC 4251? It states:

"Represents multiple precision integers in two's complement format, stored as a string"

That's a reference to the SSH string type defined immediately before mpint, which defines its encoding as uint32 length + data.

I think this is fairly unambiguous? Furthermore, any implementation that has different ideas will already be incompatible with others.

----- Original Message -----
From: Simon Josefsson
Sent: Wednesday, November 25, 2015 17:05
To: ietf-ssh%netbsd.org@localhost
Subject: Re: Curve25519/448 key agreement for SSH

I have submited -03 which adds a MUST check for the all-zero secret, and
clarifies the mpint conversion further -- a reference to section 5 of
RFC 4251 is added which explains this properly. Unfortunately, 4251§5
doesn't say that mpint's are prepended by an uint32 with the length of
the data (or the example is wrong). Please holler if implementations do
not have the uint32 in the mpint that is hashed, or generally if you
believe the new section 2.1 could be clarified further.

https://tools.ietf.org/html/draft-josefsson-ssh-curves-03

/Simon

Follow-Ups:
- Re: Curve25519/448 key agreement for SSH
  - From: Simon Josefsson

Prev by Date: Re: Curve25519/448 key agreement for SSH
Next by Date: Re: Curve25519/448 key agreement for SSH
Previous by Thread: Re: Curve25519/448 key agreement for SSH
Next by Thread: Re: Curve25519/448 key agreement for SSH
Indexes:

Home | Main Index | Thread Index | Old Index