Re: ssh-ed25519 implementations

"Mark D. Baushke" <mdb@juniper.net> Sat, 13 May 2017 14:53 UTC

To: Ron Frederick <ronf@timeheart.net>
CC: Eric Rescorla <ekr@rtfm.com>, Brian Smith <brian@briansmith.org>, denis bider <denisbider.ietf@gmail.com>, Simon Tatham <anakin@pobox.com>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>, "curdle@ietf.org" <curdle@ietf.org>
Subject: Re: ssh-ed25519 implementations
In-Reply-To: <336063E0-135F-4A75-94E4-71540669E21A@timeheart.net>
References: <76FD0F39-1F3D-4476-A3D8-D4C942C2EFD1@juniper.net> <CABcZeBNYUV=-azoZzZjnNtCEu3K0A-THHN2mt02V65oihbbrXw@mail.gmail.com> <36528.1494509552@eng-mail01.juniper.net> <6047C877-67DE-404F-8FBD-5B2C19D16EA6@timeheart.net> <1139.1494566512@eng-mail01.juniper.net> <336063E0-135F-4A75-94E4-71540669E21A@timeheart.net>
Comments: In-reply-to: Ron Frederick <ronf@timeheart.net> message dated "Fri, 12 May 2017 22:24:09 -0700."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sat, 13 May 2017 07:51:02 -0700
Message-ID: <74670.1494687062@eng-mail01.juniper.net>

Hi Ron,

I have made some adjustments. Here is a unified diff of the relevant
changes to the .txt form of the draft. If the pseudo-code looks bad,
let me know if I should just remove it or not.

--- draft-ietf-curdle-ssh-curves-05.txt	2017-05-11 11:58:23.000000000 -0700
+++ draft-ietf-curdle-ssh-curves-06.txt	2017-05-13 07:46:54.000000000 -0700
@@ -140,47 +140,64 @@
    only to be applicable to the scope of the mechanism described in this
    document.
 
-   The shared secret, K, is defined in [RFC4253] as a multiple precision
-   integer (mpint).  Curve25519/448 outputs a binary string X, which is
-   the 32 or 56 byte point obtained by scalar multiplication of the
-   other side's public key and the local private key scalar.  The 32 or
-   56 bytes of X are converted into K by interpreting the bytes as an
-   unsigned fixed-length integer encoded in network byte order.  This
-   conversion follows the normal "mpint" process as described in section
-   5 of [RFC4251].
+   The shared secret, K, is defined in [RFC4253] and [RFC5656] as an
+   integer encoded as a multiple precision integer (mpint).
+   Curve25519/448 outputs a binary string X, which is the 32 or 56 byte
+   point obtained by scalar multiplication of the other side's public
+   key and the local private key scalar.  The 32 or 56 bytes of X are
+   converted into K by interpreting the octets as an unsigned fixed-
+   length integer encoded in network byte order.
+
+   The fixed-length integer is then minimized into the minimum number of
+   octets to represent a positve mpint.  This conversion follows the
+   normal "mpint" process as described in section 5 of [RFC4251] which
+   requires that unnecessary leading bytes with the value 0 MUST NOT be
+   included.  The length of the integer is then prepended with a 4 octet
+   big-endian integer which is the length in octets of the minimized K.
+
+   The mpint K is then fed along with other data to the key exchange
+   method's hash function to generate encryption keys.
 
    To clarify a corner-case in this conversion, when X is encoded as an
    mpint K, in order to calculate the exchange hash, it may vary as
    follows:
 
-   o  Trim all leading zero-bytes of X.  If X is all zero-bytes, then
-      the key exchange MUST fail.
-
-   o  If the high bit of X is set, the mpint format requires a zero byte
-      to be prepended.
-
-   o  The length of the encoded K may not be the same as the original
-      length of X due to trimming or prepending zero-bytes as needed for
-      "mpint" format.

-   Or, as pseudo code:
+   o  Trim all leading zero-bytes of X, as required in section 5 of
+      [RFC4251].  If X is all zero-bytes, then the key exchange MUST
+      fail as required in section 6 of [RFC7748].
+
+   o  Given X is a positive, if the MSB of X is set, then the "mpint"
+      format requires a zero-byte to be prepended.
+
+   o  The length of the "mpint" form of K may not be the same as the
+      original length of X due to trimming or prepending zero-byte
+      values as needed for "mpint" format. prepend K with the big-endian
+      number of octets for the length of K.
+
+   Or, as pseudo code (without dealing with side-channel issues):
 
                  k := x;
-                 while (k.length() > 0 && k[0] == 0) k = k[1:];
+                 while (k.length() > 0 && k[0] == 0) k := k[1:];
                  assert(k.length() > 0);
-                 if 0 != (k[0] & 0x80) k = '\0' .. k;
+                 if 0 != (k[0] & 0x80) k := '\0' .. k;
+                 l[0] := k.lengh() >> 24;
+                 l[1] := (k.lengh() >> 16) & 0xff;
+                 l[2] := (k.lengh() >> 8) & 0xff;
+                 l[3] := k.lengh() & 0xff;
+                 k := l .. k;
 
                                  Figure 1
 
    When performing the X25519 or X448 operations, the integer values
-   there will be encoded into byte strings by doing a fix-length
+   there will be encoded into byte strings by doing a fixed-length
    unsigned litle-endian conversion, per [RFC7748].  It is only later
    when these byte strings are then passed to the ECDH code in SSH that
    the bytes are re-interpreted as a fixed-length unsigned big-endian
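
Review bot: In Figure 1 the four added length lines call `k.lengh()`, while the `while` and `assert` lines just above use `k.length()`, and `l` is assigned by index without ever being introduced. Suggest spelling it `k.length()` throughout and declaring `l` as a 4-octet string before `l[0]`. In the new text, "positve mpint" should be "positive mpint", "Given X is a positive" is missing its noun (e.g. "Given X is a positive integer"), and "The length of the integer is then prepended with a 4 octet big-endian integer" reads as if the length were being prefixed rather than K. The third bullet ends with the uncapitalized fragment "prepend K with the big-endian number of octets for the length of K"; that is a separate step and would read better as its own bullet. The last changed sentence fixes "fix-length" but leaves "litle-endian" on the following line; worth correcting in the same pass.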