Re: SSH in ECC Internet Draft

To: Sam Hartman <hartmans-ietf%mit.edu@localhost>
Subject: Re: SSH in ECC Internet Draft
From: Damien Miller <djm%mindrot.org@localhost>
Date: Wed, 11 Oct 2006 01:52:24 +1000 (EST)

On Mon, 9 Oct 2006, Sam Hartman wrote:

>     Markus> is it really necessary to use ASN.1 encoding?  this is
>     Markus> rather scary and does not fit well into the data type
>     Markus> scheme defined in RFC 4251.
> 
> I think you should look at how this will likely work in common
> implementations.  If your ECC library is likely to want to take ASN.1
> parameters as input, then that's probably how you want to transport
> them.
> 
> Certainly there are a lot of IETF protocols that use ASN.1; ASN.1 is
> complex but sometimes that complexity is necessary.

I agree with Markus; the use of ASN.1 adds a lot of complexity and
attack surface to an implementation. In this case, this additional
complexity must be in the critical pre-authentication code.

IMO that (some) ECC libraries happen to use ASN.1 is not a good reason
to use it as protocol element.

-d

Follow-Ups:
- Re: SSH in ECC Internet Draft
  - From: Nicolas Williams

References:
- SSH in ECC Internet Draft
  - From: Jon Green
- Re: SSH in ECC Internet Draft
  - From: Markus Friedl
- Re: SSH in ECC Internet Draft
  - From: Sam Hartman

Prev by Date: WG Action: Conclusion of Secure Shell (secsh)
Next by Date: Re: SSH in ECC Internet Draft
Previous by Thread: Re: SSH in ECC Internet Draft
Next by Thread: Re: SSH in ECC Internet Draft
Indexes:

Home | Main Index | Thread Index | Old Index