denis bider <ietf-ssh3%denisbider.com@localhost> writes: > What do you find ambiguous about the definition of mpint in RFC 4251? It states: > > "Represents multiple precision integers in two's complement format, stored as a string" > > That's a reference to the SSH string type defined immediately before mpint, which defines its encoding as uint32 length + data. > > I think this is fairly unambiguous? Furthermore, any implementation > that has different ideas will already be incompatible with others. Thanks for precise pointer! I didn't register the importance of the word "string" here, and was looking for the "uint32" keyword. Ok no problem then. Btw, one of the changes between -02 and -03 is related to this, before it said that K and X often will be identical, but I don't believe that is ever the case since K have the 4-byte prefix. I hope -03 is clearer on this. /Simon > > ----- Original Message ----- > From: Simon Josefsson > Sent: Wednesday, November 25, 2015 17:05 > To: ietf-ssh%netbsd.org@localhost > Subject: Re: Curve25519/448 key agreement for SSH > > I have submited -03 which adds a MUST check for the all-zero secret, and > clarifies the mpint conversion further -- a reference to section 5 of > RFC 4251 is added which explains this properly. Unfortunately, 4251§5 > doesn't say that mpint's are prepended by an uint32 with the length of > the data (or the example is wrong). Please holler if implementations do > not have the uint32 in the mpint that is hashed, or generally if you > believe the new section 2.1 could be clarified further. > > https://tools.ietf.org/html/draft-josefsson-ssh-curves-03 > > /Simon >
Attachment:
signature.asc
Description: PGP signature