On 1/02/17 12:37, Damien Miller wrote: > On Tue, 31 Jan 2017, JCA wrote: > >> I have noticed that the EC public key sent in the SSH2_MSG_KEX_ECDH_INIT >> message is sent without point compression. Are there any plans to use point >> compression eventually? I imagine that, in part, you guys are not yet >> implementing it for patent reasons, right? > I'm not aware of any plans for implementing point compression and I > don't plan on adding it myself. Motivation for not including it was > as much keeping the pre-auth code as simple as possible as anything > else. When I implemented ecdsa and ecdh in libssh I couldn't even find the code relevant to point compression in OpenSSL, because it does not exist. Apparently solving a second order equation in GFp is patented. Curve25519 and ed25519 don't have that problem, because they don't need point compression. Aris _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev