denis bider <ietf-ssh3%denisbider.com@localhost> writes: > Comments: > > > - If we're being comprehensive, we should include a position with > regard to Curve25519 and Curve448: > > https://tools.ietf.org/html/draft-josefsson-ssh-curves-03 > > I suggest we take the following positions: > > curve25519-sha256 SHOULD > curve448-sha256 SHOULD, or MAY? > > That being said: > > > - Given the recent NSA recommendations, it seems to me it would be > prudent to update the Curve25519/Curve448 draft, and to replace the > SHA-256 algorithm with SHA-512 for Curve448. This would create the > method "curve448-sha512" instead of "curve448-sha256". > > Simon, what do you think? Could your draft be updated to do that? Yes, that will be part of -04. For what's it worth: I support curve25519-sha256 as MUST and curve448-sha512 as MAY in draft-baushke-ssh-dh-group-sha2. /Simon
Attachment:
signature.asc
Description: PGP signature