Re: ssh-ed25519 implementations

Eric Rescorla <ekr@rtfm.com> Thu, 11 May 2017 05:21 UTC

In-Reply-To: <76FD0F39-1F3D-4476-A3D8-D4C942C2EFD1@juniper.net>
References: <76FD0F39-1F3D-4476-A3D8-D4C942C2EFD1@juniper.net>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 10 May 2017 09:20:37 -0700
Message-ID: <CABcZeBNYUV=-azoZzZjnNtCEu3K0A-THHN2mt02V65oihbbrXw@mail.gmail.com>
Subject: Re: ssh-ed25519 implementations
To: Mark Baushke <mdb@juniper.net>
Cc: "ietf-ssh@NetBSD.org" <ietf-ssh@netbsd.org>, "curdle@ietf.org" <curdle@ietf.org>

On Wed, May 10, 2017 at 9:18 AM, Mark Baushke <mdb@juniper.net> wrote:

> Hi,
>
> Eric Rescorla <ekr@rtfm.com> has brought to my attention that in
> https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-04 it is
> currently specifying the SSH encoding of secrets on the wire using the
> mpint process as described in section 5 of [RFC4251] while RFC 7748
> describes using a little-endian format:
>
>   GF(2^448 - 2^224 - 1) and are encoded as an array of bytes, u,
>   in little-endian order such that u[0] + 256*u[1] + 256^2*u[2] + ... +
>
> This seems to be what is being implemented for
> curve25519-sha256@libssh.org, so I should make
> an explicit note of this in the draft.
>

Thanks. To be clear, I'm not saying this is the wrong thing in the draft
(though I do think it's kind of an unfortunate outcome). I just think it's
critically important to be clear.


>
> However, I am unaware of any curve448-sha512 implementations at
> present and would like consensus that it should also follow the mpint
> method rather than the RFC 7748 method.
>

I tend to think the 7748 method, but all the options are pretty terrible
here.

-Ekr


>
> Please reply to curdle@ietf.org with your opinions.
>
>         Thank you,
>         -- Mark
>
>
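The disagreement above is about how the 32 (or, for curve448, 56) bytes that X25519/X448 produce get turned into the SSH value K that feeds the exchange hash: RFC 7748 defines them as a little-endian byte array, while RFC 4251 section 5 defines an mpint as a minimal-length, big-endian, two's-complement integer with a uint32 length prefix. The following Python is an added example written for this archive page; it is not code from the draft, from OpenSSH or from libssh. It implements the RFC 7748 ladder (textbook Python ints, deliberately not constant-time, only to produce real values) and the RFC 4251 mpint rule, then shows the three candidate encodings of one shared secret side by side. Which interpretation a given implementation uses is stated nowhere in the thread; the "bytewise big-endian mpint" variant is labelled as my assumption about what the libssh.org method does. The encoders are length-agnostic, so they apply unchanged to a 56-byte X448 output.

```python
"""Three ways to put an X25519 output on the SSH wire (added example).

The ladder below is the RFC 7748 section 5 algorithm on Python ints and is
NOT constant time; it exists only to produce genuine values to encode.
"""

P25519 = 2**255 - 19
A24 = 121665


def _decode_scalar(k: bytes) -> int:
    """RFC 7748 clamping of a 32-byte X25519 scalar, read little-endian."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    """RFC 7748 little-endian u-coordinate with the unused top bit masked."""
    u = bytearray(u)
    u[31] &= 127
    return int.from_bytes(u, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5; returns 32 little-endian bytes."""
    kk = _decode_scalar(k)
    x1 = _decode_u(u)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (kk >> t) & 1
        swap ^= kt
        if swap:  # conditional swap (branching here is why this is not constant time)
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a = (x2 + z2) % P25519
        aa = a * a % P25519
        b = (x2 - z2) % P25519
        bb = b * b % P25519
        e = (aa - bb) % P25519
        c = (x3 + z3) % P25519
        d = (x3 - z3) % P25519
        da = d * a % P25519
        cb = c * b % P25519
        x3 = (da + cb) ** 2 % P25519
        z3 = x1 * (da - cb) ** 2 % P25519
        x2 = aa * bb % P25519
        z2 = e * (aa + A24 * e) % P25519
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    out = x2 * pow(z2, P25519 - 2, P25519) % P25519
    return out.to_bytes(32, "little")


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 section 5 'string': uint32 big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b


def ssh_mpint(n: int) -> bytes:
    """RFC 4251 section 5 'mpint' for n >= 0: minimal big-endian bytes, a 0x00
    pad byte when the high bit is set, and zero encoded as the empty string.
    Negative values never arise for a DH shared secret, so they are rejected."""
    if n < 0:
        raise ValueError("negative mpint not needed here")
    if n == 0:
        return ssh_string(b"")
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return ssh_string(body)


def encode_k_rfc7748_string(k: bytes) -> bytes:
    """Option 1: carry the RFC 7748 little-endian byte array as-is, as a string."""
    return ssh_string(k)


def encode_k_mpint_bytewise(k: bytes) -> bytes:
    """Option 2: push the raw bytes through the mpint process as if they were
    a big-endian number.  ASSUMPTION: this is my reading of what existing
    curve25519-sha256@libssh.org code does; the thread does not say."""
    return ssh_mpint(int.from_bytes(k, "big"))


def encode_k_mpint_rfc7748_integer(k: bytes) -> bytes:
    """Option 3: take the integer RFC 7748 actually defines (little-endian
    u-coordinate) and mpint-encode that value."""
    return ssh_mpint(int.from_bytes(k, "little"))


if __name__ == "__main__":
    # RFC 7748 section 6.1 test keys (published vectors, not real secrets).
    alice = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    bob = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    base = (9).to_bytes(32, "little")
    shared = x25519(alice, x25519(bob, base))
    for name, enc in (("string", encode_k_rfc7748_string(shared)),
                      ("mpint/bytewise", encode_k_mpint_bytewise(shared)),
                      ("mpint/7748-int", encode_k_mpint_rfc7748_integer(shared))):
        print(f"{name:15} {enc.hex()}")
```

Two things worth noticing when running it: options 2 and 3 give a different K from each other and from option 1 whenever the byte array is not a palindrome, so two peers that pick different readings will derive different exchange hashes and fail key exchange silently; and the mpint forms are variable length (a leading 0x00 byte is dropped, a leading byte of 0x80 or above gains a 0x00 pad), which is exactly the property the fixed-length RFC 7748 encoding was designed to avoid.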