Re: [Curdle] AD Review of draft-ietf-curdle-gss-keyex-sha2-05
denis bider <denisbider.ietf@gmail.com> Sun, 08 April 2018 02:19 UTC
To: Eric Rescorla <ekr@rtfm.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, curdle <curdle@ietf.org>, "draft-ietf-curdle-gss-keyex-sha2@tools.ietf.org" <draft-ietf-curdle-gss-keyex-sha2@tools.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/1HeK6O8YdRIchgC4N6gyxXG9xMQ>

I think this misunderstands the scope of the GSS draft.

The GSS draft discusses GSS key exchange methods for SSH. These are not the main key exchange methods for SSH, they are a *version* of the main key exchange methods for use with GSS.

Because these are a *version* of the main key exchange methods, the main value of this draft is that it updates the GSS key exchange methods to be in line with how the main key exchange methods for SSH have evolved.

As Mark has pointed out, we have already added these key exchange methods to SSH in RFC 8268:

  diffie-hellman-group14-sha256
  diffie-hellman-group15-sha512
  diffie-hellman-group16-sha512
  diffie-hellman-group17-sha512
  diffie-hellman-group18-sha512

The whole argument about which groups and which hashes we should have has already been staged, multiple times, and this is what we arrived at.

The GSS draft is merely mirroring what we have already done for use with the GSS key exchange methods.

It does not make sense for the GSS key exchange methods to do something entirely different than what the main key exchange methods do. It makes sense for the GSS key exchange methods to be consistent with what we have already done for the main ones.

On Sat, Apr 7, 2018 at 6:38 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> On Sat, Apr 7, 2018 at 7:23 AM, Salz, Rich <rsalz@akamai.com> wrote:
>
>> I see no point in adding another hash. What’s the reason?
>
> So that you can have an implementation that spans a variety of groups with
> just SHA-256.