denis bider <ietf-ssh3%denisbider.com@localhost> writes:

> Hello Simon,
>
> very nice. :-) Thank you!
>
> Work is currently underway to make safe curves available in the next
> Crypto++ version. Assuming that's ready in a reasonable timeframe, I
> intend to use it for both curve25519-sha256, and curve448-sha512, for
> our SSH Client and Server.
>
> If Crypto++ takes too long, I will look into alternative implementations.

Thanks. The other SSH implementation that considered Curve448 decided,
after looking into it, to postpone it due to lack of suitable Curve448
implementation. If you manage to complete an implementation and ship it
in some well known SSH implementation, we could keep the description.
Otherwise I'm inclined to remove Curve448 from ssh-curves if nobody is
looking to implement.

I prefer descriptive standards over prescriptive. Especially related to
crypto where the devil is always in the details, and you won't notice
the details until you implement it.

It can always be done later when there is sufficient groundwork to
motivate it. Right now that is long overdue for Curve25519 but far from
the case for Curve448. So coupling them comes with a high cost.

/Simon

> denis
>
>
> ----- Original Message -----
> From: Simon Josefsson
> Sent: Tuesday, March 1, 2016 04:08
> To: ietf-ssh%netbsd.org@localhost ; curdle%ietf.org@localhost
> Subject: draft-josefsson-ssh-curves-04
>
> All,
>
> I have updated ssh-curves to use SHA-512 for Curve448 as requested by
> several people. We are waiting for a Curve448 implementation to confirm
> that the description is correct. Otherwise I am not aware of any open
> issues with the document. All feedback is welcome.
>
> https://tools.ietf.org/html/draft-josefsson-ssh-curves-04
>
> Thanks,
> /Simon