Re: ssh-ed25519 implementations

"Mark D. Baushke" <mdb@juniper.net> Wed, 10 May 2017 16:57 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 037F7129B8D for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 10 May 2017 09:57:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.09
X-Spam-Level:
X-Spam-Status: No, score=-4.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jaPU4l9p9xOr for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 10 May 2017 09:57:44 -0700 (PDT)
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EDC312945B for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Wed, 10 May 2017 09:57:44 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id 574E08556D; Wed, 10 May 2017 16:57:42 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 61F2384CEE for <ietf-ssh@netbsd.org>; Wed, 10 May 2017 16:57:38 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id Gtn2aTclDqnl for <ietf-ssh@netbsd.org>; Wed, 10 May 2017 16:57:37 +0000 (UTC)
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on072b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe45::72b]) by mail.netbsd.org (Postfix) with ESMTP id AA85C84CDB for <ietf-ssh@netbsd.org>; Wed, 10 May 2017 16:57:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=HMdb4XeNk35iGPeZ+lwZnRJbAqcSMSaLcbrzDC2Mg58=; b=iudELkJCM01AI157JUSUpMSbR3UpqYC8UG6RJVzOO9iG9rzzsBXa+Y2FIHkntc0+jS6warj1I5baJD06v9l0WsPOlnTqM/bW7xq/cRn1uZoQXIUWMcKEFUytIX2FMmmgE5tdYuv2e4ZAFmzWpbuXN3G3vq/BE9rnEzPaQY73BT4=
Received: from BY1PR0501CA0032.namprd05.prod.outlook.com (10.162.139.42) by MWHPR05MB2911.namprd05.prod.outlook.com (10.168.245.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1084.7; Wed, 10 May 2017 16:57:33 +0000
Received: from DM3NAM05FT034.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::203) by BY1PR0501CA0032.outlook.office365.com (2a01:111:e400:4821::42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1101.5 via Frontend Transport; Wed, 10 May 2017 16:57:33 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.12) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by DM3NAM05FT034.mail.protection.outlook.com (10.152.98.146) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1075.12 via Frontend Transport; Wed, 10 May 2017 16:57:32 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Wed, 10 May 2017 09:57:26 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v4AGvQJM029327; Wed, 10 May 2017 09:57:26 -0700 (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id 2E0EF11513; Wed, 10 May 2017 09:57:26 -0700 (PDT)
To: Eric Rescorla <ekr@rtfm.com>
CC: "ietf-ssh@NetBSD.org" <ietf-ssh@netbsd.org>, "curdle@ietf.org" <curdle@ietf.org>
Subject: Re: ssh-ed25519 implementations
In-Reply-To: <CABcZeBNYUV=-azoZzZjnNtCEu3K0A-THHN2mt02V65oihbbrXw@mail.gmail.com>
References: <76FD0F39-1F3D-4476-A3D8-D4C942C2EFD1@juniper.net> <CABcZeBNYUV=-azoZzZjnNtCEu3K0A-THHN2mt02V65oihbbrXw@mail.gmail.com>
Comments: In-reply-to: Eric Rescorla <ekr@rtfm.com> message dated "Wed, 10 May 2017 09:20:37 -0700."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Wed, 10 May 2017 09:57:26 -0700
Message-ID: <46168.1494435446@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(39410400002)(39850400002)(39400400002)(39450400003)(39840400002)(39860400002)(2980300002)(199003)(189002)(377454003)(24454002)(9170700003)(2810700001)(229853002)(81166006)(8676002)(7126002)(7696004)(53546009)(77096006)(86362001)(2906002)(5003940100001)(8936002)(5660300001)(7846003)(6916009)(2950100002)(50986999)(345774005)(189998001)(48376002)(50466002)(53936002)(53416004)(55016002)(105596002)(356003)(478600001)(117636001)(76506005)(47776003)(6306002)(6266002)(54356999)(54906002)(4326008)(110136004)(38730400002)(106466001)(305945005)(76176999)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR05MB2911; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; MLV:sfv; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; DM3NAM05FT034; 1:fLc6js7/Z9FzTN68CzzD8Oz5PemvvkZ6rsvbqckoYcaRGiGGO3GDT/rwEm4aDjatzM6mrxOPF262ftB6nixmdEVVSgf76tYdQx1XoBxlk6uuRnlhqp3wjojiqRtqZCz36Vk8zTCcG7rV3vitsonn6aupg4aAyUGGxb5A8KcCL4/wEe0rXkE47UnnVKktnG4x61eqypSCqt8A6rIPyvxMQBRy6HjhxELV3nQpnHldXmjHwRTykvVIJK+H/VjkMvLIehhGfplDgy0Ky8vdsS0VlFoakOVGHQAAfGLmx4EirMYljDzd5fLgF5p9DGZluHG5tKNBCrkdLXzrPIV19y2YigSu+uK8Kc9zik9oYtZxSG4NyBLsMkoLOSl0QV3TCM+MioiYovRFyNuDq1RoEIxGUUdVZ3zpRTbMFQXHyOwaY5u0LKvvf7F5Ck1g4vpINE1oAKl3XFx1pD1hhGl/x9pYwBs5HtmtCSBtPwg3nbnLbmD7VxzIHQSMOZaSyvjP459kHinL/dMHXI6VhAVFwHLj5EwSYoZPWn7RDBWBFpV+/gcud71UoyTzB2yU93fnVLkRnvNtYyBW1zsoZLFygXW0BYyh5j2kR0L93Mzlqd9VSj0=
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a4e02a59-14ac-4df3-fcba-08d497c5a6fa
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081)(201702281549075); SRVR:MWHPR05MB2911;
X-Microsoft-Exchange-Diagnostics: 1; MWHPR05MB2911; 3:Zrm7UG1Vdp/e3kSzOXPYecddbl6pWk5G2XCYNOqdFnxQINFw5EQK2Dt01OgPi3Dvfn0es6jy5LyHpMS0nAH1+FH0Is2R5vJt8L4hkMm676gXdhjXGHGzqdybG1dN+VQeYJjAcZ5V/apuzmTQh9GfBomiTnzv2zfpOMZP2tx+3JmIFA14Y015P+z11I8eBFMh+hj/UVt9PSPj3EuDniqVoVjrd+L0FtEbDLyJirlCOc/IazIrpGyuWuK7KPyc4KqC6BkW46PT1g7CyDgcsq40ogPRRgCWplh+LrK2ZkxqYh6hZZwa5zFlaPrOeISI0qJCHPImkcWKt8aL92+hw01eUawUqgNNCag+dTMPAdlNznMU4YNGOg1Ktsv7zPP/684K2NVBhbC96RCzLruhqMMw7ID72FTkyeUWEGj8OWc6xBb9iSueoD4HxHVEcHwrG5dcqEF9BBfodVDwRqFbboJyx19VUEDZrzb3Rnz0Td7fBSPQelmWbTyTCNDsbFNSNTve
X-Microsoft-Exchange-Diagnostics: 1; MWHPR05MB2911; 25:x0tfS421EZmzkCCi7SDA57v5BumqTxZ3lzlqo375UF/DoumszhkaSgjzbeE/85PXq5ae3uEK3I7a5P3xZ2TzgoBvr4fUmiAS/yfIyLVbW6uy/M4hEwU6QC00rI2PwCk9Aprc6MvgjnYZsTY84xzBjmgM2bUxdSow9Y+PDyPdcRwWR3yeEOVXhYPsLEdk6O5QTXdHM0zUY5X4KaZUbw1fML7GW/S1OVPBQR5sHBFB9YRMYh8GLBxwc9Wx6ZmnTJf8iULg2U1b4FGM5ipyqKBISkExyVsQjiq8YBMD+iUZx7HMiiA8o7CL2/YDLNSz3VkbVchI13qdaDiA3rijhjbSrWAx4aLTOcSyEKxhfdb8uuPqIY+DMVWH6EocRcEdNPOOePnut3AcVQfDb5Je0/u3jR0x5NGac6B1tvXDcgWld8yiZz/sLhVFGKd7bHwoiew2LqnCyd+TxMs2cag/GxZ9mudo0sAnl7Ytb1zPHkAK3mQ=; 31:9rOzBfe5m89zTnK+wxkagUDH02mvpPMikf233V5Nu2UX23Ue6kqk5tBLWUoQ9v1HjzgXUmaUSDtIe0jkrx/ZCxNS9P6LqNxd+HBtdWiwk7g857ZQsfgybcjk4oyHh/CbV1LamWkpirNkPm8QvoNCl/T5WQHgk6SouTdghphDlDB/QJ7b9SKVyjvhfXdSeeSMOegHEVoH/TvI/H22YqtUxa3fcLBcpgi9MVOy0PDZ2cMHTLn1k1S+x/FRdtueoMT0xla2AEV3aAbCQjEF3n1M2oOk3hafJhzSN7nnKELQVrU=
X-Microsoft-Exchange-Diagnostics: 1; MWHPR05MB2911; 20:Yt2128DOb+Vo/NxYujn6RN3A2Qwvdu1ECS83S4YYqEIQueBarOwsAU0Qnmds551fSegVC391aPMVhWzusc7C3bwDVn0DiLXMmsEbMg/xkJ9QsnlU+2hQH8CVX8cw+KJJXr+4ETthVXWWFg4gRPjojfYxQsw/ylZcPhA83EoBwgxHuMQ1IuQYUtFXTDM70EWnUve9cD3tZQ537Kjl3huiYhp7KfPkiMtcN1oE71D/4Ta/V7oal170WjjuwHz9C8+b80GKPXaOCpCRQe+7Zpg/7Kpu230vZVkw623uzMLWuSCY+FrxLst+SHJzxEn+0hqvs0W+4GG96Dqm+OZ6crDRqjXSfitZw6OfGtEdge3nJ5+ZCEisyWqm53v487PVonOOWmdTDbQurL9mqfNUFQQWz4mi4K/t0NFWVIiel/pg4N5NiNVTq78g42YpnF/tHjdfS1SP4XxpuuvPSDj6xUrDOhybBXH8FAreByNMRcjBf72AHGDJxmG1KwFf0d7b3jMI
X-Microsoft-Antispam-PRVS: <MWHPR05MB2911FACC451363C0C147077BBFEC0@MWHPR05MB2911.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(138986009662008)(100405760836317);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(5005006)(13017025)(13015025)(13024025)(8121501046)(13023025)(13018025)(93006095)(93003095)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123560025)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148); SRVR:MWHPR05MB2911; BCL:0; PCL:0; RULEID:; SRVR:MWHPR05MB2911;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; MWHPR05MB2911; 4:zgJd3k+Q4J5fHuG2/p1EKqokrEFqwIxwrJ4Xpvravj?= =?us-ascii?Q?5U70Hpkb90tEkUwPFIJw3ECr/8DKrC+Yht8p4hguScjqopXr1wOpQ4Az5w2u?= =?us-ascii?Q?cvd8jPVc4sq1YzzT3ZFPy/GVSBMdSHx340LGkyM5ZoqALEsc/zXMIPmQ75M3?= =?us-ascii?Q?42Yk2H9xOFvBDEgIVhtGvQzJEE79pEdO5WrGcTgBA5sUfQiUDS1z/w4FRSUe?= =?us-ascii?Q?+Y+pJP75WVWsrZDXnGMcVq3s14tdRBIoXk2xkJPXHH9ReYFzQcQGmHRgjQbZ?= =?us-ascii?Q?ba4TXYryj/Qhu0/rxGHNlfG4wQe+hsSeLQ98H74Kn78vMFlBIL9oPgkqufFz?= =?us-ascii?Q?VNrDzQzmcgyas8AyeajV1abmgCeL9/EWV8P7wxNhnJ3GMGRfDW0bgs7PbmEv?= =?us-ascii?Q?WAZlCy3eCCUaY5BQ3jlpWfguCj0uL5xl12+QCXj9Le4kXXATaDBIQ1aFV2Wd?= =?us-ascii?Q?WY2jLFfiB6kEhPI0cPK08+0Tq4ssAiGHMs+hKo5JSHVp+mZBN55ieTk5F6gw?= =?us-ascii?Q?1OzdlpVPYiSAgHnLz3avVVPUF8uMLPehTrtJxmIEqF53EIejmAmO/kiPG5D3?= =?us-ascii?Q?Kv+s/umYjCYwOrjdd+K+4iuXmJv1GD4beDFZ9bTlGSrdOwO5oxh0rBpeVbG1?= =?us-ascii?Q?pUSRUvuuCmqAKTAILtmH2Cay5l8yVpJ2r9EhMG1PfV2Krs+OSTGQ6SdkbElh?= =?us-ascii?Q?uWW8/jqQ1dZj2jqu77fW1wudtd1goV9JUQ9xmth0xdCcaL2yOVUmYi5XnvuE?= =?us-ascii?Q?Uaajq8QoEFMUXWfJ3ZdztX5YT4jBZ77zABOn9yPLLcyR9R20RY+RmxXvvIcU?= =?us-ascii?Q?/cGaZUjhLKQNOpwOj7wkiTVcOoHD4cJTsueuk1LBImqEFOBwKK0633f93mGp?= =?us-ascii?Q?eXZDfTg2XKa2FJAmF4vqY9EHXTk7b7un6texMV1cHYSsjpuuLNSlLNuowOP3?= =?us-ascii?Q?/yYjpeQPF2FuS9qsU7VeSBVjWTJZEwtzKRSVUM1N2sbdHYcNybDO7jzOzhlJ?= =?us-ascii?Q?M=3D?=
X-Forefront-PRVS: 03030B9493
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; MWHPR05MB2911; 23:GTZv/7sjGUWPb+5fw7niVGGO/J9tbwjjktCNBIC9C?= =?us-ascii?Q?0W8j3H6jD8ghf3h+6uINF/w1IHKd2U6IXQ1MqwTANyUTRQm4utXQwyRIeVYP?= =?us-ascii?Q?lUX7APpVNW9lnlVd6tvxZqMdXirjBvzhD5IReIkZfsmUCiyj1T4i+yeCeoUJ?= =?us-ascii?Q?UHmE47mglOFxQLnAFlgQZ7A/MddKOdrpFmZrpwfQthCGO3tdx+ykGAAXA4bI?= =?us-ascii?Q?aW9zmrpdZhCtc675HLJSnNMEJ0TyG/OTATIBi4UvkgAMMGBvqVawT2BnFA2K?= =?us-ascii?Q?eMoAQjGLtEPsN2fOx0sNIbZuIkuCgw/tHypo4NaQqFm1g97Lz9yIl5qGxzPh?= =?us-ascii?Q?fzOWuH2LiCsudUgns0CilGG+jfWjsRj7kpm2aM2hVjcKlqrJ8O2Fhhrc59oC?= =?us-ascii?Q?1czposVUlNcij2JrICwNJVq7nO8FbotRLMPujV8r8MqUIET6pp5a5C6ujN4j?= =?us-ascii?Q?9+EjOCvn5eKykvS+eNuarV8MM4TRJv2QUa2O14qy77sMl5U08SoAfqgk/tYc?= =?us-ascii?Q?5N+jQhZjfprCqSftYQbgPInsbJSQRVQJ+4VESTPIOdnLcFVUztkQoiYb/u81?= =?us-ascii?Q?vY7DdIiMY2/CZg9CJGtugzdem9qCGco4rRmBlByxnUZEQOHOb223ochasDW+?= =?us-ascii?Q?5jkmKDIDwiaDRlk+gHbIfIPMUNMuoo9YzFsEj3ETJH5ts+63KhR857q7D9JQ?= =?us-ascii?Q?Cpbn04lpKmhtRLYEOg3hRRWZQqCNgbwi7fdDv0o8sKc4rj14xJtE4PvG31/5?= =?us-ascii?Q?6UeVJhfsmql2iQd0AqBBWDMZowO/B+z6uvTIyT/NxIEXJeSSy1+K5G+uL+mF?= =?us-ascii?Q?XTBwvpqHdPU/MwZ7BQMQHjYMHMbHx6s1Lg8LGm7f8UqFry3APYRvJBTjIIKa?= =?us-ascii?Q?Gup/hMZG9lM+njMUUTwyt0P4y88OwfxUSDLXWtYt2p+RDr4/+jkowXe6R+NG?= =?us-ascii?Q?lCoN6z9yIypi3pyHy7XdIX+gZlf1ShsrYVRDamj4yLeES0rDL5erHnXCzn1/?= =?us-ascii?Q?D1K63ulKUVqDVDDq8j/le2/2/a+R9xDTrzTKGhYp+PO1ZkkB4g/hjskzjWgK?= =?us-ascii?Q?4BP88EaAhj1bO0/rJqr3RzetSDgK/q6jKkmZ0qzqjB5BgAloD2kfhezUFzec?= =?us-ascii?Q?jJkdjJ2d0cQwAiwyZqAOZiHzouPp6yzgALQHx/+QPe1G1qUoyJ8VtJ+zWYfr?= =?us-ascii?Q?VTty4qi6iwuXEaFZTigVV4U1kuJJIZurVuKCwQtHMnOIuJWM+qKkpRxD3GYb?= =?us-ascii?Q?4mI2JMqR8GGYPiWSTHyoK6ky4Ruul2UJcx8ogGbBsdz7M6Zx+Vm+keBpPsfo?= =?us-ascii?Q?qd7n6VhJeE6OT1gWqMWjcT3OM0DwrHSMD+MMf9XCkYf?=
X-Microsoft-Exchange-Diagnostics: 1; MWHPR05MB2911; 6:dq+wNX8gyETl/bfbqgkS0k5BxP5k9thPm6MApkngntQUg4/uI39B87Gkj3trCiQAJpTPjw7EZu+i3lD+Iq0M1SZASpbgI3nUgxv+99ffP+/aZ9gUkO1sP9hfI5gOGoZb3TUg+Q/X/cWvER9RjF6v+FJlGpMKPfEs438/xy5ZmxKNS6beDRxplJzsoDIRbyVYltbTF4+gbGyhnNQHZ0jnTCG6zl6ZyBbZZ+vFm3LqmJmiwWk44h1VEtHNiB3n9kA6V1mya0uFbDTTtAlpI37gUA3Wlb9KTBk9+KGqoFPyP0Bt76SFmuFFAUpZjYU64JfHlPz9iYae8agafyav3aiIeFjvVoiuNlvi3UtIc0EpxEL7GmdozX1mNNLI9j32Y+aiv0M0GDBI0LwZ3oDg7wmoAG86j00Cn/yFyXQiyCPjTvdMjtMgRlz7+T56BsQPu/sOSwsfo5lLR7Iw3UeMXXarZMBi7kzLVYRd2sHDIKnpvuQ7iUoQxVZMf62iDywGigtDp9IfH5E9fXt76rStpvGwr47niqDUBwW01o2yYWDz67A=; 5:B/zK53qa5dnjIbMT569poA0CvLHkk5QxZdxfzmezbc9ah6fqTSjtIyVXfvNrBSxWH5fOnERq70rM7QxQrvinYr6UDEcr019ES8T92DHiajyfpauD4r76cgkbPuwRGrGWIf24xxBHsm80W3bkNXOFjA==; 24:gdRC41hFq/SvGRprBDO9mkz1qbqcf22jv3V3WtR5ZUE7F/alQLl+IBotcDHpsmU42mrb086624OkzLjDckYrcZ3LoMpxuTQVf8azpcdVdQQ=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; MWHPR05MB2911; 7:Fv6XPXdKSwKjeI0fu5Mr1JzviJrEx6giNSafrLuCuNkyxE/Ns2EO2CogcoctVMoGhjcjJFMBEET+FHyTZgE6k30caVZ5zVP2Rmkt0iFvfUcUqYCTRJuNaw4paGvTjWH5VxrPuhQamZffikbf5DvEwFpbly3RKKVxUgq6hVz7wGDsBhKZCW6F4W1w+0zaSvzoeJvOPgTVysXJX2wdaPkZpfufoMoee5KKdk9kN/oGzxHpYqvqdB0jiMql6ebPxpbqYGVwJtr1PQ63Mvn2JKn4OFjhHtU5Uhqa3zBYCnXPAc3y+YCFqhm0QvojfFu2mcHa0WjD2qaIULdiZjN4CG4exA==
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 May 2017 16:57:32.8537 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR05MB2911
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20ietf-ssh&body=unsubscribe%20ietf-ssh>

Eric Rescorla <ekr@rtfm.com> writes:

> On Wed, May 10, 2017 at 9:18 AM, Mark Baushke <mdb@juniper.net> wrote:
> 
> > Hi,
> >
> > Eric Rescorla <ekr@rtfm.com> has brought to my attention that in
> > https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-04 it is
> > currently specifying the SSH encoding of secrets on the wire using the
> > mpint process as described in section 5 of [RFC4251] while RFC 7748
> > describes using a little-endian format:
> >
> >   GF(2^448 - 2^224 - 1) and are encoded as an array of bytes, u,
> >   in little-endian order such that u[0] + 256*u[1] + 256^2*u[2] + ... +
> >
> > This seems to be what is being implemeneted for
> > curve25519-sha256@libssh.org, so I should make
> > an explicit note of this in the draft.
> >
> 
> Thanks. To be clear, I'm not saying this is the wrong thing in the draft
> (though I do think it's kind of an unfortunate outcome). I just think it's
> critically important to be clear.

Thank you for the clarification. I agree it is unfortunate.

> > However, I am unaware of any curve448-sha512 implementations at
> > present and would like consensus that it should also follow the mpint
> > method rather than the RFC 7748 method.
> >
> 
> I tend to think the 7748 method, but all the options are pretty terrible
> here

I am agnostic on the best way to deal with curve448 for SSH.
I agree all options are unlpleasant.

RFC 8032 vs implementations for ssh-ed25519 will have the same issue.

So, if https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519
is updated to point to RFC 8032, it will likely need to worry about
the mpint vs little-endian encoding issue as well. :-(

	-- Mark