[Curdle] Straw Poll still in progress for draft-ietf-curdle-ssh-kex-sha2

"Mark D. Baushke" <mdb@juniper.net> Tue, 12 January 2021 20:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/-rcH8svNrbBgw4BUKYaTIaMCkqg>

A reminder to the CURdle list members. There is a poll running for
draft-ietf-curdle-ssh-kex-sha2 recommendations on the *sha1* key
exchange algorithms. The poll ends at 17:00 UTC on 2021-01-19. At that
time, I will take the poll responses and tally up the votes to see what
recommendation to put into the -13 draft which I hope will go to WGLC.

At present, I have straw poll input from the following individuals:

    Mark Baushke <mdb@juniper.net> (user)
    Ron Frederick <ronf@timeheart.net> (implementor)
    Daniel Migault <mglt.ietf@gmail.com> (user)
    Simo Sorce <simo@redhat.com> (implementor)
    Peter Gutmann <pgut001@cs.auckland.ac.nz> (implementor)

Current weighted voting favors this set of recommendations:

  Kex Algorithm                       Recommendation
====================================================================
 diffie-hellman-group1-sha1:         SHOULD NOT (8)
 diffie-hellman-group14-sha1:        MAY (8)
 diffie-hellman-group-exchange-sha1: SHOULD NOT (6), MAY (2)
 rsa1024-sha1:                       MUST NOT (6), SHOULD NOT (2)
 gss-gex-sha1-*:                     SHOULD NOT (8)
 gss-group1-sha1-*:                  SHOULD NOT (6), MAY (2)
====================================================================

I hope that after I publish the -13 draft on 2021-01-19, we can move the
draft to WGLC.

Anyone who wants to vote in the next week, please do so. The template
to use is:

Template::

----------%<----------%<----------%<----------%<----------%<----------
From:
Implementor-or-User: 
diffie-hellman-group1-sha1: 
diffie-hellman-group14-sha1: 
diffie-hellman-group-exchange-sha1: 
rsa1024-sha1: 
gss-gex-sha1-*: 
gss-group1-sha1-*: 
----------%<----------%<----------%<----------%<----------%<----------

I will assume that an Implementor is also a User.
I will also give an Implementor double the vote for this reason.

If you give a vote like "MAY or SHOULD NOT" I will assume "MAY" as it is
the least restrictive.

You may change your vote, just send a new message to the list or to me
personally with the update.

	Be safe, stay healthy,
	-- Mark