Re: SSH in ECC Internet Draft

To: Bill Sommerfeld <sommerfeld%sun.com@localhost>
Subject: Re: SSH in ECC Internet Draft
From: Joseph Galbraith <galb-list%vandyke.com@localhost>
Date: Tue, 10 Oct 2006 12:19:09 -0600

Bill Sommerfeld wrote:
> On Tue, 2006-10-10 at 11:17 -0500, Nicolas Williams wrote:
>> On Wed, Oct 11, 2006 at 01:52:24AM +1000, Damien Miller wrote:
>>> IMO that (some) ECC libraries happen to use ASN.1 is not a good reason
>>> to use it as protocol element.
>> The draft defines one ASN.1 type ('curves', a SEQUENCE of OIDs) where
>> existing SSHv2 constructs could be used instead.  The draft's other uses
>> of ASN.1/DER do not require an implementation of SSHv2 to implement
>> ASN.1/DER outside ECC libraries, but this one type does.
> 
> actually, it looks to me like there may be a deeper problem: the same
> "two level negotiation" issue which affected the gssapi key exchange.
> 
> I think you need to define a family of ssh key exchanges, one per
> defined "curve", so that two implementations which support
> noninteresecting sets of ECC curves but also support other KEX
> mechanisms can find other common mechanisms.

You could take the route that gssapi did and base64 encode
the curve oid and make it part of the name:

"ssh-ecc-<base64 encoded curve oid>,ssh-ecc-<a-different-oid>"

Thanks,

Joseph

References:
- SSH in ECC Internet Draft
  - From: Jon Green
- Re: SSH in ECC Internet Draft
  - From: Markus Friedl
- Re: SSH in ECC Internet Draft
  - From: Sam Hartman
- Re: SSH in ECC Internet Draft
  - From: Damien Miller
- Re: SSH in ECC Internet Draft
  - From: Nicolas Williams
- Re: SSH in ECC Internet Draft
  - From: Bill Sommerfeld

Prev by Date: Re: SSH in ECC Internet Draft
Next by Date: ECC in SSH draft version -01
Previous by Thread: Re: SSH in ECC Internet Draft
Next by Thread: Re: SSH in ECC Internet Draft
Indexes:

Home | Main Index | Thread Index | Old Index