Fwd: First steps to add an authenticated key agreement protocol (private branch).
ross.snider at gmail.com
Tue Nov 10 13:49:02 AEDT 2015
Thanks you Damien, this will help a lot.
Authenticated key exchange. Yes. It will be tricky. I am going to use a
library with a trusted implementation and just do the 'plumbing'.
The keys unfortunately are in a new format. I am going to start with a very
ugly solution (some base64 serialization) and do not know if I will ever
need to get more serious. If I iterate on this format and move towards
standardization or something, I'll definitely reach out.
Both directions, but the primary application is client->server.
The last question about playing nicely with existing auth is a good
question. I have no idea. I think I will 'hack it on' first and iterate
toward something better.
The name of the cipher is Yuan-Li IBE authenticated key agreement.
More information about the openssh-unix-dev