Re: [Curdle] AD Review of draft-ietf-curdle-gss-keyex-sha2-05

denis bider <> Sun, 08 April 2018 02:19 UTC

From: denis bider <>
Date: Sat, 7 Apr 2018 21:19:22 -0500
Message-ID: <>
To: Eric Rescorla <>
Cc: "Salz, Rich" <>, curdle <>, "" <>

I think this misunderstands the scope of the GSS draft.

The GSS draft discusses GSS key exchange methods for SSH. These are not the
main key exchange methods for SSH, they are a *version* of the main key
exchange methods for use with GSS.

Because these are a *version* of the main key exchange methods, the main
value of this draft is that it updates the GSS key exchange methods to be
in line with how the main key exchange methods for SSH have evolved.

As Mark has pointed out, we have already added these key exchange methods
to SSH in RFC 8268:


The whole argument about which groups and which hashes we should have has
already been staged, multiple times, and this is what we arrived at.

The GSS draft is merely mirroring what we have already done for use with
the GSS key exchange methods. It does not make sense for the GSS key
exchange methods to do something entirely different than what the main key
exchange methods do. It makes sense for the GSS key exchange methods to be
consistent with what we have already done for the main ones.

On Sat, Apr 7, 2018 at 6:38 PM, Eric Rescorla <> wrote:

> On Sat, Apr 7, 2018 at 7:23 AM, Salz, Rich <> wrote:
>> I see no point in adding another hash.  What’s the reason?
> So that you can have an implementation that spans a variety of groups with
> just SHA-256.