Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
"Mark D. Baushke" <mdb@juniper.net> Mon, 13 July 2020 18:52 UTC
Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 6DFEF3A1733;
Mon, 13 Jul 2020 11:52:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=juniper.net header.b=OmnWV5b1;
dkim=pass (1024-bit key)
header.d=juniper.net header.b=hk2IAZLI
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id fABOM82UWhgp; Mon, 13 Jul 2020 11:52:18 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com
[208.84.65.16])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id D64A53A172A;
Mon, 13 Jul 2020 11:52:18 -0700 (PDT)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1])
by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
06DIqHQZ003806; Mon, 13 Jul 2020 11:52:17 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net;
h=to : cc : subject :
in-reply-to : references : from : mime-version : content-type : content-id
: date : message-id; s=PPS1017;
bh=EVJfH+GfHJkgRyFmJwsYGXV2NA82dmNJgSvKB8eiwEY=;
b=OmnWV5b1xmFTx3n95559D4ZMTTyYvftfC7InFg0R5MTyaBGBRUw+OQQ1QXJWtP8z165m
PoC1PRxnqFd3emsYhJ/Z99V3ZouMlFR3FTbAQnG/1BDqo4bGz0ZKCbYTBxZCYBXHVvy8
80OgWMpzUfdD26V6yataIdQpk+oQABDu9cxgKy99oQYDVFA/tl/kbke3WF8/zh78FUIn
6TfKYSO5v1ja6GSMMeQqkvtD5lSiyBZMfitl/vOLTWNgAeuKIX0xAAlGx8n5itciVtLp
dM/7IAtMsX3rJUStO63xjnggdLqhsfICUEqk4zpQbxXcS8k4s43+/NWgAIfBIhnmoVWg sw==
Received: from nam02-cy1-obe.outbound.protection.outlook.com
(mail-cys01nam02lp2052.outbound.protection.outlook.com [104.47.37.52])
by mx0a-00273201.pphosted.com with ESMTP id 327cemb6qq-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
Mon, 13 Jul 2020 11:52:17 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=BChUVcrzhHvBA1CnliI3FIaTWg2ATy4HEbwy8KWyfAvLrEQGnqat3zeV5HzjZXheK4nNMeo5ahmXHgI3cKJMDElCTH63kb9A8bmRqMub4WaWreKpyOlImGhN1QB8nk81i46UmtniZHgb8t3zxNfmKsSkORCdpFTYtzHS0VDdfOSdEpPNmsQP7TYsvG/dJ0BIPZPwZMzDb/rhR/xjoJQM+eapZ5GDTZW3Aq3y+FjFEL6Ixxt5X2maRIuaJQChN+ZCqRYYSTU3OT/m3lqt8ovPfTj+YVF44MAjPNipaYADEaSguPJmjzQVK576fFpfaepFOfbyK3bLDF+ZkQaSVuvxdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=EVJfH+GfHJkgRyFmJwsYGXV2NA82dmNJgSvKB8eiwEY=;
b=G1rQbGUzmRczwAojtRZ8xuJx9yk4oz7PH1kBkUdCt1F0PrDx3pdtC7bGwq/m5F1BuN2VyZ+kzgrPJXGdeQkLaLwLR7ZfuvUk1nqiTb6wuxm2NLwKjvXAnJZqud0dDYUk1uMg6o7iSbL3y/LWP8w2gi/dPlaDOUhLiZvjUsNfyIDh9zlJOI19ZG40sRjfksXzkNOCYRijnrDF/mh10uuhEzOSsKaBAtOBDUCsQ6HMgZ/k75BAP0QVAwxOo1LO8akEx8e9BbPiNBaBnat+lKLDG+JlPWIAwY1jJOaGN+bHcLXDTyVhrh917UNysuJXh43B8ud3R850sVO2kOIW226WyA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
is 66.129.239.12) smtp.rcpttodomain=gmail.com smtp.mailfrom=juniper.net;
dmarc=fail (p=reject sp=reject pct=100) action=oreject
header.from=juniper.net; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=EVJfH+GfHJkgRyFmJwsYGXV2NA82dmNJgSvKB8eiwEY=;
b=hk2IAZLImdvzz/st4RKiXGTsKZZssy+Xm4J69LIMhncEW3edl72wQrSk7uIDBrnd1hH+DQp1UWAUu11TQF2z01i4QiBupGqsAkVaJu4qiQzLWb7v/tjZbXRiOGSpJaVncipFYnZdEc8NaZfVd3bnVEXqgrJBSMPQNaAKP5LcKwY=
Received: from MWHPR2201CA0054.namprd22.prod.outlook.com
(2603:10b6:301:16::28) by BL0PR05MB5634.namprd05.prod.outlook.com
(2603:10b6:208:6f::19) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.9; Mon, 13 Jul
2020 18:52:09 +0000
Received: from CO1NAM05FT012.eop-nam05.prod.protection.outlook.com
(2603:10b6:301:16:cafe::47) by MWHPR2201CA0054.outlook.office365.com
(2603:10b6:301:16::28) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.21 via Frontend
Transport; Mon, 13 Jul 2020 18:52:08 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is
66.129.239.12) smtp.mailfrom=juniper.net; gmail.com; dkim=none (message not
signed) header.d=none;gmail.com; dmarc=fail action=oreject
header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from P-EXFEND-EQX-01.jnpr.net (66.129.239.12) by
CO1NAM05FT012.mail.protection.outlook.com (10.152.96.119) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
15.20.3195.9 via Frontend Transport; Mon, 13 Jul 2020 18:52:08 +0000
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by
P-EXFEND-EQX-01.jnpr.net (10.104.8.54) with Microsoft SMTP Server (TLS) id
15.0.1497.2; Mon, 13 Jul 2020 11:52:03 -0700
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by
P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id
15.0.1497.2; Mon, 13 Jul 2020 11:52:02 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by
P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id
15.0.1497.2 via Frontend Transport; Mon, 13 Jul 2020 11:52:02 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [10.160.0.88])
by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 06DIq1ER027192;
Mon, 13 Jul 2020 11:52:01 -0700 (envelope-from mdb@juniper.net)
To: IETF curdle <curdle@ietf.org>, IETF ssh <ietf-ssh@netbsd.org>
CC: "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org>, curdle-chairs
<curdle-chairs@ietf.org>, denis bider <denisbider.ietf@gmail.com>, "Ron
Frederick" <ronf@timeheart.net>, Loganaden Velvindron <loganaden@gmail.com>
In-Reply-To: <CAOp4FwQMcNHRd65U1A+zfT1Xyrqv7+kHU_Lh1tqMGsBQB2LrVA@mail.gmail.com>
References: <CADPMZDB8oXAg0g0oJvZmkK1XPhb28SQPnxwRmL9umzFXkH0ogQ@mail.gmail.com>
<2306.1594546601@eng-mail01.juniper.net>
<CAOp4FwQMcNHRd65U1A+zfT1Xyrqv7+kHU_Lh1tqMGsBQB2LrVA@mail.gmail.com>
Comments: In-reply-to: Loganaden Velvindron <loganaden@gmail.com>
message dated "Mon, 13 Jul 2020 00:23:56 +0400."
From: "Mark D. Baushke" <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <53535.1594666321.1@eng-mail01.juniper.net>
Date: Mon, 13 Jul 2020 11:52:01 -0700
Message-ID: <53536.1594666321@eng-mail01.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:P-EXFEND-EQX-01.jnpr.net;
PTR:InfoDomainNonexistent; CAT:NONE; SFTY:;
SFS:(4636009)(376002)(136003)(396003)(346002)(39860400002)(46966005)(186003)(5660300002)(54906003)(110136005)(83380400001)(4744005)(7696005)(26005)(4326008)(82740400003)(47076004)(426003)(8676002)(478600001)(8936002)(316002)(86362001)(81166007)(70206006)(70586007)(336012)(82310400002)(2906002)(356005);
DIR:OUT; SFP:1102;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5bce5c26-414b-459a-5da2-08d8275dd82d
X-MS-TrafficTypeDiagnostic: BL0PR05MB5634:
X-Microsoft-Antispam-PRVS: <BL0PR05MB563425B77E08E8F7AF46D050BF600@BL0PR05MB5634.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8882;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 9HqzYrhTtaulc3V8+CBYLd5bQ/U4Ww1FsDA6/w1/lplzK53YIE5hsnVSa1sbKSkS4CBffQ1p7l/yxMxcS3cXH26hD2lVf0X0+7ns8jSAjE3aJEBvW2Ntr0sP1rshsPlZJQ66s2zuEM8sdMQ27HgXIviQL0hYSAwaykuAlSLC94/jLNUNrX7GMkMRdZ56vpBOP+hygRie5xZrSgzgNnQnD1yXLfa/dS7JKztpkOZUJcV8z8F01bJRzGSeOticpQQdrkb1qN9OxveXlzFh8QNCA2Lzv6mACbtsjBIj21pPO+DGSZEFqFuwg3m3IBkUbOTNVEHO1Oaojq48ZuTZaJp8oLPnE8CUGHppj2fvtFSVks/D248NM1mN3y4MqVC91Pg7Pwi2XrEtbesG4dhfMUF57g==
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jul 2020 18:52:08.4109 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5bce5c26-414b-459a-5da2-08d8275dd82d
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12];
Helo=[P-EXFEND-EQX-01.jnpr.net]
X-MS-Exchange-CrossTenant-AuthSource: CO1NAM05FT012.eop-nam05.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR05MB5634
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687
definitions=2020-07-13_16:2020-07-13,
2020-07-13 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam
score=0 clxscore=1011
malwarescore=0 bulkscore=0 impostorscore=0 priorityscore=1501 phishscore=0
mlxscore=0 suspectscore=1 mlxlogscore=444 adultscore=0 spamscore=0
lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1
engine=8.12.0-2006250000 definitions=main-2007130134
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/2mjHezIkd19cK-5eJY_3yhypwd0>
Subject: Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg."
<curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>,
<mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>,
<mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 18:52:26 -0000
Hi Folks, I have updated a new revision of draft-ietf-curdle-ssh-kex-sha2-11 for your review which gives a survey of the Key Exchange Algorithms for Secure Shell. The current revision does NOT have any 'MUST' implement algorithms, but does provide 'SHOULD NOT' for most of the algorithms using sha1. As I understand it, the following are candidates for MUST: * diffie-hellman-group14-sha256 [It is not clear to me how much longer 2048-bits will be considered strong enough.] * curve25519-sha256 * ecdh-sha2-nistp256 [Some folks are not happy with the current ECDH curves.] I would look for discussion on the list about which Key Exchange Algorithms are Mandatory to Implement going forward. Fwiw: I will be attending the IETF 108 virtual conference, I believe there will not be an IETF Curdle meeting. Be safe, stay healthy, -- Mark
- [Curdle] State of draft-ietf-curdle-ssh-kex-sha2? denis bider
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Salz, Rich
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Salz, Rich
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… denis bider
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Mark D. Baushke
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… denis bider
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Ron Frederick
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… denis bider
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Loganaden Velvindron
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Mark D. Baushke
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Salz, Rich
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Ron Frederick
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Mark D. Baushke
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… Mark D. Baushke
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-s… denis bider