I have noticed that the EC public key sent in the SSH2_MSG_KEX_ECDH_INIT message is sent without point compression. Are there any plans to use point compression eventually? I imagine that, in part, you guys are not yet implementing it for patent reasons, right?
On Tue, 31 Jan 2017, JCA wrote:> I have noticed that the EC public key sent in the SSH2_MSG_KEX_ECDH_INIT > message is sent without point compression. Are there any plans to use point > compression eventually? I imagine that, in part, you guys are not yet > implementing it for patent reasons, right?I'm not aware of any plans for implementing point compression and I don't plan on adding it myself. Motivation for not including it was as much keeping the pre-auth code as simple as possible as anything else. -d
On 1/02/17 12:37, Damien Miller wrote:> On Tue, 31 Jan 2017, JCA wrote: > >> I have noticed that the EC public key sent in the SSH2_MSG_KEX_ECDH_INIT >> message is sent without point compression. Are there any plans to use point >> compression eventually? I imagine that, in part, you guys are not yet >> implementing it for patent reasons, right? > I'm not aware of any plans for implementing point compression and I > don't plan on adding it myself. Motivation for not including it was > as much keeping the pre-auth code as simple as possible as anything > else.When I implemented ecdsa and ecdh in libssh I couldn't even find the code relevant to point compression in OpenSSL, because it does not exist. Apparently solving a second order equation in GFp is patented. Curve25519 and ed25519 don't have that problem, because they don't need point compression. Aris
Possibly Parallel Threads
- kex protocol error: type 7 seq xxx error message
- [PATCH] curve25519-sha256@libssh.org key exchange proposal
- curve25519
- chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
- Subsystem sftp invoked even though forced command created