[Ach] OpenSSH

Aaron Zauner azet at azet.org
Mon Dec 30 23:45:19 CET 2013


On 30 Dec 2013, at 23:35, Kurt Roeckx <kurt at roeckx.be> wrote:
> So one thing I've noticed is that for the KexAlgorithms, all the
> ECC versions have been removed.  It's not really obvious why.  I'm
> wondering if this is going to break for people using ECDSA keys,
> or what the behavior in that case is going to be.
> 
> I can understand that for ssh ECDH is probably less important
> since I assume most people do not get a lot of connections / second and
> that they tend to be longer living than in https.

Yup. Simply because there are only NIST ECC curves available. Those have also been excluded by me for other critical infrastructure such as VPNs.

See: http://safecurves.cr.yp.to and discussions on the ML about ECC.

Aaron
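
An added example, not part of the original message: a simplified model of SSH algorithm negotiation (RFC 4253, section 7.1) showing what a server whose KexAlgorithms list has the NIST-curve ECDH methods stripped will agree on with different clients. The algorithm lists are constructed samples, the helper names are hypothetical, and the RFC's additional host-key capability checks for key exchange methods are left out.

```python
# Simplified model of SSH algorithm negotiation (RFC 4253, section 7.1):
# for each category the first name on the client's list that the server
# also supports is chosen. The RFC's extra host-key capability checks for
# key exchange methods are left out of this model.

NIST_KEX_PREFIX = "ecdh-sha2-nistp"


def negotiate(client_list, server_list):
    """Return the first client preference the server supports, or None."""
    for name in client_list:
        if name in server_list:
            return name
    return None


def strip_nist_kex(kex_list):
    """Drop the NIST-curve ECDH methods from a key exchange list."""
    return [k for k in kex_list if not k.startswith(NIST_KEX_PREFIX)]


# Constructed sample lists, not taken from the thread or any real host.
SERVER_KEX = strip_nist_kex([
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1",
])
SERVER_HOSTKEYS = ["ecdsa-sha2-nistp256", "ssh-rsa"]

CLIENT_KEX = ["ecdh-sha2-nistp256", "diffie-hellman-group-exchange-sha256"]
CLIENT_HOSTKEYS = ["ecdsa-sha2-nistp256", "ssh-rsa"]
ECDH_ONLY_CLIENT_KEX = ["ecdh-sha2-nistp256", "ecdh-sha2-nistp384"]


def session(client_kex, client_hostkeys):
    """Negotiate both categories; they are separate lists in KEXINIT."""
    return {
        "kex": negotiate(client_kex, SERVER_KEX),
        "hostkey": negotiate(client_hostkeys, SERVER_HOSTKEYS),
    }


if __name__ == "__main__":
    print(session(CLIENT_KEX, CLIENT_HOSTKEYS))
    print(session(ECDH_ONLY_CLIENT_KEX, CLIENT_HOSTKEYS))
```

In this model the key exchange method and the host key algorithm are chosen from separate lists, so a `None` for `kex` marks the case where a client offers only the removed methods.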