Fwd: First steps to add an authenticated key agreement protocol (private branch).

Ross Snider ross.snider at gmail.com
Tue Nov 10 13:49:02 AEDT 2015

Thanks you Damien, this will help a lot.

Authenticated key exchange. Yes. It will be tricky. I am going to use a
library with a trusted implementation and just do the 'plumbing'.

The keys unfortunately are in a new format. I am going to start with a very
ugly solution (some base64 serialization) and do not know if I will ever
need to get more serious. If I iterate on this format and move towards
standardization or something, I'll definitely reach out.

Both directions, but the primary application is client->server.

The last question about playing nicely with existing auth is a good
question. I have no idea. I think I will 'hack it on' first and iterate
toward something better.

The name of the cipher is Yuan-Li IBE authenticated key agreement.


More information about the openssh-unix-dev mailing list