IETF Logo Mail Archive

Re: [Curdle] AD Review of: draft-ietf-curdle-ssh-curves-04.txt

"Mark D. Baushke" <mdb@juniper.net> Fri, 05 May 2017 21:16 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ED95126BF0 for <curdle@ietfa.amsl.com>; Fri, 5 May 2017 14:16:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X4sPTp_6sVl5 for <curdle@ietfa.amsl.com>; Fri, 5 May 2017 14:16:46 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0103.outbound.protection.outlook.com [104.47.36.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB503124BFA for <curdle@ietf.org>; Fri, 5 May 2017 14:16:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Svw/o0W2oYeE4o6Dc52cZL9jEgmYHVSuTnvhR+xR4ds=; b=VFSYyL2fOEx595WCxMA4l+ngxmVJuImgmw6du8u8j9+5hxrAZ/1ZXs/A5AFifBY2yJDp0vfdJ5M/Vu38YsQNe+puba9SdCLHiC2ZYu8ZwA5crg38gz6uJ3fMiOJHZPoNkvXhswf0g75fYNhaRklQ8o9Jj7dk+oKlsoOfL76sRBY=
Received: from BY1PR0501CA0022.namprd05.prod.outlook.com (10.162.139.32) by CO2PR05MB729.namprd05.prod.outlook.com (10.141.228.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1075.1; Fri, 5 May 2017 21:16:44 +0000
Received: from CO1NAM05FT040.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e50::209) by BY1PR0501CA0022.outlook.office365.com (2a01:111:e400:4821::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1084.7 via Frontend Transport; Fri, 5 May 2017 21:16:44 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.12) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by CO1NAM05FT040.mail.protection.outlook.com (10.152.96.153) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1075.12 via Frontend Transport; Fri, 5 May 2017 21:16:43 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Fri, 5 May 2017 14:16:40 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v45LGdpP000981; Fri, 5 May 2017 14:16:39 -0700 (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id 66D1C11446; Fri, 5 May 2017 14:16:39 -0700 (PDT)
To: Eric Rescorla <ekr@rtfm.com>
CC: curdle <curdle@ietf.org>
In-Reply-To: <CABcZeBMFWE35S0okfF378YMWoWmWuZRZCe4oHsHagN0LF9W0WA@mail.gmail.com>
References: <CABcZeBMFWE35S0okfF378YMWoWmWuZRZCe4oHsHagN0LF9W0WA@mail.gmail.com>
Comments: In-reply-to: Eric Rescorla <ekr@rtfm.com> message dated "Fri, 05 May 2017 12:33:00 -0700."
From: "Mark D. Baushke" <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 05 May 2017 14:16:39 -0700
Message-ID: <7050.1494018999@eng-mail01.juniper.net>
Sender: mdb@juniper.net
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(39840400002)(39410400002)(39860400002)(39400400002)(39850400002)(39450400003)(2980300002)(189002)(199003)(9170700003)(6916009)(2950100002)(50466002)(356003)(4326008)(7126002)(7696004)(110136004)(38730400002)(229853002)(5660300001)(230783001)(117636001)(47776003)(305945005)(105596002)(76506005)(2906002)(7846003)(2810700001)(53416004)(77096006)(8936002)(81166006)(8676002)(8746002)(50986999)(478600001)(106466001)(55016002)(189998001)(23676002)(6266002)(6306002)(53936002)(54356999)(966004)(6392003)(76176999)(86362001)(6246003)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:CO2PR05MB729; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; MLV:sfv; MX:1; A:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; CO1NAM05FT040; 1:uDW2cUTiWepQRx41IDiOHlhWNCOXCnM7KRms5FPmxWlFn0RE3buEzy7TVaprvM8eUDv+E4syljWjtTmn7zx+WMXbZpjlJC5g2VX454p+Wff51F9tqbhnZT1YDZQtVDK6Vl46d1ED/zGBOxjbyrbbLniLnv+AcKj7AJCdPtN5m0sCIaSyZjIuYWHrcxbNIMTce6/krVulSHhowHUHWHlPQIJsldOYdmsJd3ywQr8y/uAN2IruY2HoSbnyCNlprnRvrKpYqDZ9J0Km5CzfekFrBmm2O1osQ2Eq3pGOOb2WpaMNUCnDcMcJeDxXgUJE8riv/G/jRsnVTzhbLzZC9fLlKNpz1LaEGeiER95Fb2Rqah+XS+LXfSDfHxgewoPUdzXFPoSKsypATGFweQJcoXXWGraSnLG/ZKg9AGE2OdwwNZ2fysXNDoV5mHqfyK+o/XdjVmt6KUvyvd4aVAKXaGVvZnohsyimcdbZkU5cZyvWNJ/BKKXUWqokDUp977Zh6s3JKf9yvOE/NvoZrlatJ/EGNG45SN5Qo+jrqkkU1qbdQVBu0ovEdrp7FkUG89hqdyG+OPVPS1HaKO4P2vTuwBE5hRMqchWFiTp4IIf6rKq640g=
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 057f7ae6-c5d0-4bee-cef7-08d493fc07f9
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:CO2PR05MB729;
X-Microsoft-Exchange-Diagnostics: 1; CO2PR05MB729; 3:k9iox0jmEiToOsLCWzR3FPQjaxg6bD3BBuHwxoQmyhe6OqVAVQUSxz2RrEp+3rqmc7DqlCOO/mJmNcr4KjmKv3WXY1kEF+fnj/via84QJuT77apyNAtk+T1TSMdXqQtG2MbQw/EQSvxLJTQADzRxroxVS2RleMWAi90QJNdxNiVRnMNGi2d4nGysFwUalOfI9I2vszFyd5qsgKvWIGhmChyOxuRrXnfYGrxvNW8OMHK6t08y5kVSWWL3rFI3F/D8W4ddqDdtD9LOww0k7FknP4trwqB4bIrHmpdjrhSdNdKwJnQRe0ZtjvxWQ1ms0RZ0FDRqd8otmP29TH+inTn8cZQnJ3vfueCj8VKfWJiIf1VImeU4ctvc/u9SiF4vcU3LYWm+O8rTrBxOi+1WbfhrBUNp/4ZYcz9tuqVrTh5haW2gphtW40fACWHli/2kjL+7UxT+e4H7ZmrLX7dYeHlj5A==
X-Microsoft-Exchange-Diagnostics: 1; CO2PR05MB729; 25:Utss8JTfiSr5e5dYdpCv6jBpET+CVSTGzwBWh0sMKlw7ljpJ5WEJ0bvs5xrkaOVg3GTFbvZp2RO52tJcOnIErzncn+4TgaziwcgOUuRFM5jyyom+UV544HbOeSYA9Rjp1bh+K6DrTlqtUUUCl8OcUUjKmFXsFmE2SJiVcowFnmi44EfdBvcYTZFl/n8ZHf9GpI+3PWrSecBKiN9fZq8EUyK7cEBCoRUWu+EVlCmTTbkvc4QUtEaPdio0cH+b9QydV8poaz3D1NMEBEJTvcqiEotW4enDQNM1or2jtTnmCqafJIewPz5MK3Wd9toNR+EiHtjczJLlWXQ2aR4VokVW4rJdjrFnFb8lKFfgO5XmXbcJLTTbSABFz+V/P/d8NONiufIETckqpMF4gRcUYcaBnIhrm7GEqTDvzGeTBinMRKc5oM53b2R0CvAJ56VYZl1N5/Zvjax99ZTseZVz3/9yp4O+N3Rt3N0BXEohFD/XtDw=; 31:qH2Ji2As8apJJivcTICiVcGXqWeVWSGv9A7eRFcII/vpwG5OXPLwb7Ig4s0ctsB/Rypv1YDdvjjLMnQx1Qp1sQjwRm/yiGn3xdHYHjyvTVwbR+SBRAj/0Gcux+ABlV0LJBTJz5SBUYVCX9StweQrtNDHcGV0IP5UEoeFCU6c3I7c2r8743bJrx2puTonnI7sDWsHT9imPIs27yolJFJQczaN94/v7Vs/9YURdxHFv87LMmfBidoMDVd8gCKNOgmiAnQGCBv2wMImuV84shRUPg==
X-Microsoft-Exchange-Diagnostics: 1; CO2PR05MB729; 20:aOosrpLg+9N1qJXbSjxTkD1nj0FHfvW4e1lUMjzHdJgW5/iWXHpPAK8t2v15mn6bklGCjIDdqV5zylACegkILb44u+s24KhvTUOWsoJvOt8nJ2qa9B1xZ5ia0+1GKDoFWl9B+U2aplBAo7em91JkPdHuDms4j2QLCD12sKUCzO0Hyv33ThH48y4+ACn6ebjqbPn6chhA86sLn4ooh4iReVE+jEOrrGtjTnubPVVt6a5iZxs5SQ7L1pNifwtZfv88BCekDERVLTfEYjeWD0O+ZSCv+Gpja0Z0YyFytAYnQoa2DsIag+k/Trfcl36yJCToXoNcdBoU0O14uIpnRLU3IB6mqr9QluE2orxYgyM+pGv+u4mVrnNrPsGJjP1WXIJmevc+f/zErPIVcmjFY139Bk4NBGNtWkWNjNwW2TntugqFYyckLd1sCdtrHtq4yGZuuzCk2bJwhRZ13oyaraPq6Z0v48TQ8rZAhhG7FDvtSlX0mwv3OhtqWiKraTtQ2T6l
X-Microsoft-Antispam-PRVS: <CO2PR05MB72919C8F9ED012947097BA8BFEB0@CO2PR05MB729.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(13018025)(5005006)(13024025)(13023025)(13017025)(8121501046)(13015025)(3002001)(93006095)(93003095)(10201501046)(6055026)(6041248)(20161123558100)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(6072148); SRVR:CO2PR05MB729; BCL:0; PCL:0; RULEID:; SRVR:CO2PR05MB729;
X-Microsoft-Exchange-Diagnostics: 1; CO2PR05MB729; 4:4twSeDVsJiakOr3aLmIrr3TzNjCN96OVgLV1IKPxX07Ae3zGfvcVJkbt3NweX36/j9DswwzC6LRGuYfnutKlf5/CtKjLxwxblU9hf7P55W7CCctl+Ik60/MjciGIMjG1geWp/FaOZUbHSjCUZE3iqrifuZzAn4FgOR31+ITZ/BiYt9+6vn6GfuAj26svgLTesIx8J7oqQSZ7I3gwfn+7bPymsVSOvk+pbKIwwPDCM4n12bbXNdhQfaiSV3FvUsouxJbC2WQaq7g5USLgG4gwzAL3v/3kyIg35klsGEwriAQVOKH4mTGFP8aH9EvIpSKnY5hcae52iT7QIIx1yUMuo3B/uw5FhrWjtDIBUiSwne34+tQTpsAiSS2vTIHX/RjIPLB35CxrVjbvkep44IiBem261EEQHCCj7BTfrbDQTkupVefvk/5yMaUGQB37nZPKU0Fb8rpwmmdyo31hzEnGVH1NeonQqg/6BcRXk5j6VNGAnu9f3IhwZ+OrFqdrxyNKdhgYdmcYAtmpfGb7MjrcOMTzJ3AxbnCFwaey8Vd03u0Qj9yVBjX6Nk03bSUYcEvFblkxtJYVyHbtr3K1Tjz7jbOWswiopWthPuH02VaXdafT36SpMs7TsIDXDDlnIKDOB2QYvrvSSVGRiaCDscfEUzSzMLX1YNHWdWH4Dme7VUzl8twunNdp9aR5mDFsqy7mSy2+JHvc/1wXf6zwr2twG/A0s/nYFgXjQx1hwUJ2FlTG3jpqQz0Td3OoYj5ZYvZwr9VbbsLBL/tfEL/1FYLmB2QGZs9zos7lVu/fEMOa42LxgqO2xpataWDIZpQ+tOG1DPMmlsI2AQk1HOlLkWkPf9KK37dMnQNKtOU9Nqq4DDSNr6luR/yBGp1wrzfkWMy7oeAok3SJFFET2zx6uU0EZBcro4rsWNaKL1IECyhq0rDC5GEl6FkBYyqBkVuJIwjt
X-Forefront-PRVS: 02981BE340
X-Microsoft-Exchange-Diagnostics: 1;CO2PR05MB729;23:vMQkcrmE/1tv8ToO0Ir3nlv97Dr0Ec9RTBxpKEPxZaq3hWZGYw/XtlxvNPyMqMMpL2rQUFZQYF+8IcfJ6y4F93/boErFm2hVKwJ9XELJFiRd4FYjniOOhIT1u9RzVsnqEcDesx8rWdhl8fk0mdJv11SPnaPTEeR3xWE2vAH2uBEJWpu+WyACYs2h0PcnaJoii0I6eYddyi0Qf4KkLDfyWV8QnfvDPYZLPAzuzr72TsSWdtiHohiWhwYg2rAvn2lRpi50TupD5G5QHdXdbSn7GPJ6b9xjLsoRhUd9ny0wIJbFCudal9wqnKs72zAjYc61qxpNK498ZsxDETjSl9myeVkzUDr9XVKVzY5uVDePSwre7KiCWN5eO8I2JQ7HMQ40pz901WlTJ+ehYwiNUN3n8ZUP+z1maHa8Q1EXukcDqyyQbpkq3dU+D058apLz9YC5HqH/QVnU93fCLQC3CSgGcO8Pr4VlpQahPJvj2NhTSgdfX1jNGPBvY3oZv5thnXPYkdURAHjfzlhX2II+z47yxAdoBfohrrRWQjr9wELhDYOudwbS8kUMQfei/DlwvB1E/kKOneCVh1C5BlQfQBpiatNX70aC9LBuFINJNlxCVi06GeN73M8iewqPlpeGcI29i5epRUeAqdMphRk69Q+BD/K7duYeKNeV2ZRSC6DvuS3VZorGqMSnlu14USMr4bv72qvOEHqE64jFV8yG+K1efRRH64gPclJbHJHHG42P8u/gMjV6Y+/+OKGxpkWaL0RfET9XDPu6ohYs/7nDb/7HZeQDzg1xuVIU0cRcoBKHEzH7xvxNlpnFMPkuB4Y2PiPnHk8Hh1S/NzPRREcVqZ64EU0afuyqgORClrfAczW4CGjXzQ1VmH1UdMIql9usgo12MnZbhpu4fHUIReHEGs8/z7BenEM2iFf6aBBnM3yM6Ixr4W76USF2NuItzVBopkUmvY9XRF86WFeSfhzFDWbuCJEGWqMDy89B1itPr9V/a5RKnurwuYfWPV9UARouSc2SoZYX/e+PWhFhP5gsDAAVUdVUV/FzWbsyzBdrAIoRS7/SyRiHT5ob3YUaU1JDPf1F8pr5wi2xa4xg7ahdWaQhwvIX824Yg4kMst3m8Udi4gr3rvVoVW3s9PilPeUowAo+A63UMG9PUhMDzLZIEy16Bg7EHMDVOkB8fZOmR6fNcTzqtVZ1EzYzN7hmfE3vU0NGRf5eGhS4o4NgDc6YfIrDQ3WTOCVPdqz+3r0my/+VDNSBP8zbApEkQagLsmG/qIMm
X-Microsoft-Exchange-Diagnostics: 1; CO2PR05MB729; 6:h5DjALPCdNZ537zPV83IopefcOuczkw/giiaHee1h+TqI1Bk6CkmwIIC1LIuoX2PjXh7ny15czsQzyZaL2U9w5EDrmH8fwxN4eDYV1qWe+NGsB4/M4BAl0Zy8/HXQw8BK8SsYJh3h+0u/UTdWRcv9V+0qKw8Q8xUQ5kBXCaVTWrufUgORxaf1n75zLv3WeJsg2qmxbZOC0/Axig4Im+v575gRTZO12kZGzEdPPZ4+HcWj9t2IcRCaNxaaUnBPjJpd8Vnb/dEzD7FFrc/0hJZvKLMmB5wArUN7IgDuPXeJCzX5aI19fgT42NkUnFr5XDl+7V9xIR21tJ4gPp/7wZpwF/NLgSOKpZ2upSplNuDJyGHgtHtVpnrbPfcmUCy77082D0XknW4+uKq7LSsvT1dwmbwKFh94jzgqqPioGk5o7UMvJUUAcAPryNYVP6Im9QoCnk6p/N+6tXLhsN2JUq3raPSVBt1wblvhJiXDR0f9wzukw5rugW4EXFHvSdx3H0z9MihjyQNSRF+H0wqLqFoOZ/uFbBu4pC7HjAAZj1yN/4=; 5:qoJRmLdJXffsXRlEULjOCvkm088vo4rhYhOIzUmknQQBdNvvV3TkxR+UUfBED0IVP9QqBfn65iW4sVbxXrXe/l+jjJYWMGGhmUEmjYBp6BO0OJ6DEq1AVx8qTGP6M9sjaXaergifw/l3nUowP+pC0Q==; 24:Q+wFhGuQcnmO/nlCpj9mMoF5SIx9FgOLAyhEtY1XROWAvyBMPoeaLQou6UV3TZQ2MyVQt1CmtkR6DJZv1jNKAGgMK8oZCLf5SxwUBLrRwoM=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; CO2PR05MB729; 7:bTA3QW6XfZF3k73Xa525jbp/VKc72H7taR/e1ERTihsJiRLLmC9e3vYA0LbqZo3/QubOGBlC8YtORhgIBFbCbsZsKXAwOtZOY6tA+PQj3EqY4HSbq3m9HychSyu/FyNeLFj5aPMDOtroFz+Ps1RYl/WKl2NRGwlvhGH+ZsvM3TlDJKjbbHFQI5mzvUqnczvSGrbFsK+FKg0m5ZzFXmWwEBstYS7x+CoJuDLLawhFyXDTSco8w9LmQi35ChsPQHjy2vlZDSmlUd/twJKSOso59nudW06w/T1QQ5CMjEdLJwl5iX2XdWdYuJFhlImIWt3vMo4hrtvO9OE4Ug+Xld7z4w==
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 May 2017 21:16:43.8263 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR05MB729
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/zDXuKwiCUgo2hv0ffSDYhcAY8Cs>
Subject: Re: [Curdle] AD Review of: draft-ietf-curdle-ssh-curves-04.txt
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 May 2017 21:16:48 -0000

Hi Eric,

Eric Rescorla <ekr@rtfm.com> writes:

> Document: draft-ietf-curdle-ssh-curves-04.txt
> 
> TECHNICAL
> S 2.
> 
>    The methods are based on Curve25519 and Curve448 scalar
>    multiplication, as described in [RFC7748].  Private and public keys
>    are generated as described therein.  Public keys are defined as
>    strings of 32 bytes for Curve25519 and 56 bytes for Curve448.
>    Clients and servers MUST fail the key exchange if the length of the
>    received public keys are not the expected lengths, or if the derived
>    shared secret only consists of zero bits.  No further validation is
>    required beyond what is discussed in [RFC7748].
> 
> Is any other validation specified? Maybe I'm missing it, but I don't
> see any.

Hmmm... When I read it, I was under the impression that this was
referencing the concept of batched verification via the referenced via
the [goldilocks] paper http://eprint.iacr.org/2015/625.pdf reference in
RFC 7748. It is possible that my reading is flawed.

I am willing to consider alterations to the text to make it better if
you have something in particular to propose.

> S 2.1. IMPORTANT:
>    other side’s public key and the local private key scalar.  The 32 or
>    56 bytes of X are converted into K by interpreting the bytes as an
>    unsigned fixed-length integer encoded in network byte order.  This
>    conversion follows the normal "mpint" process as described in section
>    5 of [RFC4251].
> 
> It appears you are specifying the opposite encoding from RFC 7748 which
> says:
> 
>    or GF(2^448 - 2^224 - 1) and are encoded as an array of bytes, u, in
>    little-endian order such that u[0] + 256*u[1] + 256^2*u[2] + ... +
> 
> First, I want to confirm that this is in fact true and that I'm not
> missing something. Second, if it's not true, this needs to be called out
> in big letters.

I regret that I did not do anything to implement Curdle448 myself.

I suspect that only Aris or Simon will be able to be authoritative on
this set of paragraphs.

> 
> 
> EDITORIAL
>    Curve25519 provide strong security and is efficient on a wide range
>    of architectures, and has properties that allows better
>    implementation properties compared to traditional elliptic curves.
>    Curve448 with SHA-512 is similar, but have not received the same
> 
> has not received

Good catch, I have incorporated this change into my copy of the
document. I will publish an update after more folks have commented on
the points you raised.

	-- Mark

v2.23.0 | Report a Bug | By Email