Re: [PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Damien Miller <djm@xxxxxxxxxxx> writes:

> On Thu, 8 Oct 2015, Douglas E Engert wrote:
>
>> Then what is:
>> 1.3.6.1.4.1.11591.15.1 Ed25519
>> 
>> defined here:
>>  https://www.gnu.org/prep/standards/html_node/OID-Allocations.html
>> 
>> The whole idea of namedCurve was you did not have to pass in the parameters,
>> and PKIX certificates only allow namedCurve.
>
> Ed25519 is a different algorithm to ECDSA, not just a different curve.

Still it might work anyway.  We noticed this with TLS and PKIX.  While
EdDSA is different from "normal" ECDSA, by using a namedCurve value
corresponding to Ed25519 you tell implementations you really mean EdDSA.
This is usually enough.  Then EdDSA can be used in the already existing
ECDSA umbrella.  Of course, it has to be implemented and tested to iron
out any problems.

/Simon

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux