X448 Key Exchange

Joseph S. Testa II jtesta at positronsecurity.com
Fri Sep 14 02:26:59 AEST 2018

Hi all,

    I'm interested in having X448 protocol available as an option, as it 
gives a larger security margin over X25519.  For anyone unfamiliar, it 
is an Diffie-Hellman elliptic curve key exchange using Curve448 (defined 
in RFC7748: https://tools.ietf.org/html/rfc7748).  Furthermore, it is 
included in the new TLS 1.3 specification (RFC8846: 

    A few questions:

      1. What has been OpenSSH's involvement in this related IETF draft, 
if any?: https://tools.ietf.org/id/draft-ietf-curdle-ssh-curves-08.html

      2. Has there been any (even informal) plans for including X448?

      3. Has anyone begun an implementation yet?

    I've got some experience with OpenSSH development, so I wouldn't 
mind writing a first draft of a patch.  I just don't want to duplicate 
efforts if its already ongoing, nor make a lone-wolf diff with no chance 
of merging.

    - Joe

Joseph S. Testa II
Founder & Principle Security Consultant
Positron Security

More information about the openssh-unix-dev mailing list