Re: SSH in ECC Internet Draft

To: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Subject: Re: SSH in ECC Internet Draft
From: Bill Sommerfeld <sommerfeld%sun.com@localhost>
Date: Tue, 10 Oct 2006 12:51:27 -0400

On Tue, 2006-10-10 at 11:17 -0500, Nicolas Williams wrote:
> On Wed, Oct 11, 2006 at 01:52:24AM +1000, Damien Miller wrote:
> > IMO that (some) ECC libraries happen to use ASN.1 is not a good reason
> > to use it as protocol element.
> 
> The draft defines one ASN.1 type ('curves', a SEQUENCE of OIDs) where
> existing SSHv2 constructs could be used instead.  The draft's other uses
> of ASN.1/DER do not require an implementation of SSHv2 to implement
> ASN.1/DER outside ECC libraries, but this one type does.

actually, it looks to me like there may be a deeper problem: the same
"two level negotiation" issue which affected the gssapi key exchange.

I think you need to define a family of ssh key exchanges, one per
defined "curve", so that two implementations which support
noninteresecting sets of ECC curves but also support other KEX
mechanisms can find other common mechanisms.

							- Bill

Follow-Ups:
- Re: SSH in ECC Internet Draft
  - From: Joseph Galbraith
- Re: SSH in ECC Internet Draft
  - From: Ben Harris
- Re: SSH in ECC Internet Draft
  - From: Nicolas Williams

References:
- SSH in ECC Internet Draft
  - From: Jon Green
- Re: SSH in ECC Internet Draft
  - From: Markus Friedl
- Re: SSH in ECC Internet Draft
  - From: Sam Hartman
- Re: SSH in ECC Internet Draft
  - From: Damien Miller
- Re: SSH in ECC Internet Draft
  - From: Nicolas Williams

Prev by Date: Re: SSH in ECC Internet Draft
Next by Date: Re: SSH in ECC Internet Draft
Previous by Thread: Re: SSH in ECC Internet Draft
Next by Thread: Re: SSH in ECC Internet Draft
Indexes:

Home | Main Index | Thread Index | Old Index