Re: [secdir] secdir review of draft-moonesamy-sshfp-ed25519-01

S Moonesamy <> Fri, 30 May 2014 19:04 UTC

Date: Fri, 30 May 2014 11:44:30 -0700
To: "Joseph Salowey (jsalowey)" <>
From: S Moonesamy <>

Hi Joe,
At 09:52 30-05-2014, Joseph Salowey (jsalowey) wrote:
>[Joe] Running code is certainly good, but I don't think the ed25519
>paper by itself provides enough information to create an
>interoperable implementation. Without this information I'm not
>sure it's possible to implement the draft. For example, as you
>mention below, the format for the key is undocumented; is it well
>enough understood what the format of the data to be hashed in the
>fingerprint is from the draft and its references? It seems the only
>documentation of the protocol is in the source code. I'm not sure
>if there is a precedent for referencing source code, but if it is
>source controlled perhaps it is acceptable.

According to OpenSSH is used by "companies 
like NetApp, NETFLIX, EMC, Juniper, Cisco, Apple, Red Hat, and 
Novell; but probably includes almost all router, switch or unix-like 
operating system vendors". The source code has been under revision
control for over 10 years and it is publicly accessible. The
source code is distributed under a liberal license. I could have
argued for "Proposed Standard". I thought that it was better to go
for "Informational" to document what has been implemented as I would
have raised arguments similar to the ones quoted above in a review
about a "Proposed Standard".

There was a comment from Rene Struik during the Last Call about the 
hash and the ed25519 paper ( ).  I 
think that he understood how it works.  The well understood test 
happens after publication as it depends on the unknown reader.

There is a precedent for referencing source code.  In my opinion it 
is better not to do that unless it is really necessary.  I prefer not 
to use the precedent argument.

I'll note that this draft does not break anything on the internet.

Please let me know whether the above addresses the issues in the review.

S. Moonesamy