Re: [Curdle] Which curves are MUST and SHOULD ?

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 11 December 2020 00:39 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E3B33A137A for <curdle@ietfa.amsl.com>; Thu, 10 Dec 2020 16:39:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kYSBsfIWfAzS for <curdle@ietfa.amsl.com>; Thu, 10 Dec 2020 16:39:02 -0800 (PST)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [103.96.23.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CB2F3A1379 for <curdle@ietf.org>; Thu, 10 Dec 2020 16:39:00 -0800 (PST)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01lp2237.outbound.protection.outlook.com [104.47.71.237]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-8-a1nHAkVQNIWoWcHdGG39GA-1; Fri, 11 Dec 2020 11:38:55 +1100
X-MC-Unique: a1nHAkVQNIWoWcHdGG39GA-1
Received: from SG2PR03CA0150.apcprd03.prod.outlook.com (2603:1096:4:c8::23) by SYAPR01MB2255.ausprd01.prod.outlook.com (2603:10c6:1:2::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12; Fri, 11 Dec 2020 00:38:52 +0000
Received: from SG2APC01FT041.eop-APC01.prod.protection.outlook.com (2603:1096:4:c8:cafe::8e) by SG2PR03CA0150.outlook.office365.com (2603:1096:4:c8::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.7 via Frontend Transport; Fri, 11 Dec 2020 00:38:52 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 130.216.95.224) smtp.mailfrom=cs.auckland.ac.nz; akamai.com; dkim=none (message not signed) header.d=none;akamai.com; dmarc=none action=none header.from=cs.auckland.ac.nz
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (130.216.95.224) by SG2APC01FT041.mail.protection.outlook.com (10.152.251.61) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3654.12 via Frontend Transport; Fri, 11 Dec 2020 00:38:50 +0000
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 11 Dec 2020 13:38:49 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1497.010; Fri, 11 Dec 2020 13:38:49 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
CC: Rich Salz <rsalz@akamai.com>, Curdle Mailing List <curdle@ietf.org>, Daniel Migault <mglt.ietf@gmail.com>
Thread-Topic: [Curdle] Which curves are MUST and SHOULD ?
Thread-Index: AQHWyABeDuwiXv4Yn0mKui9S8AiiXqnhvagAgACAoYCAACh9AIAFrjIAgAe2fICAAU/nWg==
Date: Fri, 11 Dec 2020 00:38:48 +0000
Message-ID: <1607647129866.76532@cs.auckland.ac.nz>
References: <2CCABC30-F757-4659-9FF3-5AADDD51EE30@akamai.com> <4b681efd49274f03c7e0521e127e031426632ad0.camel@redhat.com> <CADZyTkk--kCWqE7q0Xi5C40V92MuZBktDzQGt_vPSZPiBy7v9w@mail.gmail.com> <18479.1606885358@eng-mail01.juniper.net> <20201205194724.GB64351@kduck.mit.edu>, <37691.1607621661@eng-mail01.juniper.net>
In-Reply-To: <37691.1607621661@eng-mail01.juniper.net>
Accept-Language: en-NZ, en-GB, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e844a831-23f4-4d35-b4e3-08d89d6d212a
X-MS-TrafficTypeDiagnostic: SYAPR01MB2255:
X-Microsoft-Antispam-PRVS: <SYAPR01MB2255DA5EEE91A964EEBE4424EECA0@SYAPR01MB2255.ausprd01.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7691
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0
X-Microsoft-Antispam-Message-Info: AddDa3U4bnTIARRFai3wQ9v6MQrKd5uv8GmHZfQzfQ+pFzkh3Kxq3janLRNpdcjP3ku+L41ol+bvXBkynOy/ngjwVmZTrqBxjG6Me73zTT3XLzk6EVeKNB6HMeMb4Wown31OD1D41Fh1F4x3Wib001Pd2+EKexiSidwU2lhynmAQIH4f22K43NWB63PTR9PNv8Qc4CeLvH84LdRGaeacuxy3CGrxvkJL7hjs75fZY6GvjI0JHvflTprOCGWJFS4u050pcV94U49gPfLSzL5toQ4Sxlqv9vooNHP1V5kuYFu7Tv0m0F4A9HnkA2JXkqFx53qpbGBwIAh2y/ArrEAgUG1X4ZFjlMND5g+SUiSI2jYZyWdoK8k/3NgKcpuFwWlH7tNyYMp+3tBhJMaYPwXs5g==
X-Forefront-Antispam-Report: CIP:130.216.95.224; CTRY:NZ; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:uxcn13-ogg-d.UoA.auckland.ac.nz; PTR:natgate2-1.auckland.ac.nz; CAT:NONE; SFS:(4636009)(346002)(376002)(39860400002)(136003)(396003)(46966005)(82740400003)(5660300002)(86362001)(786003)(7636003)(8676002)(82310400003)(316002)(47076004)(110136005)(336012)(54906003)(478600001)(36906005)(8936002)(26005)(186003)(4744005)(4326008)(70586007)(70206006)(2906002)(356005)(2616005); DIR:OUT; SFP:1101
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Dec 2020 00:38:50.3529 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e844a831-23f4-4d35-b4e3-08d89d6d212a
X-MS-Exchange-CrossTenant-Id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d1b36e95-0d50-42e9-958f-b63fa906beaa; Ip=[130.216.95.224]; Helo=[uxcn13-ogg-d.UoA.auckland.ac.nz]
X-MS-Exchange-CrossTenant-AuthSource: SG2APC01FT041.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYAPR01MB2255
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CAU17A13 smtp.mailfrom=pgut001@cs.auckland.ac.nz
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/2Csz1surt_Xnk9vx6yYz9T3X4Y4>
Subject: Re: [Curdle] Which curves are MUST and SHOULD ?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2020 00:39:03 -0000

Mark D. Baushke <mdb=40juniper.net@dmarc.ietf.org> writes:

>MAY diffie-hellman-group14-sha1
>SHOULD NOT diffie-hellman-group-exchange-sha1

Just wondering why the hardcoded group is MAY but the negotiated, and probably
more secure, group is SHOULD NOT?  Is it because lots of legacy stuff will
only do the hardcoded group?

Peter.