Re: [Curdle] Which curves are MUST and SHOULD ?

"Mark D. Baushke" <mdb@juniper.net> Wed, 02 December 2020 05:02 UTC

To: Daniel Migault <mglt.ietf@gmail.com>, Rich Salz <rsalz@akamai.com>
CC: Curdle Mailing List <curdle@ietf.org>
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 01 Dec 2020 21:02:38 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/3OHCVwkrlneNkCek51eJ7gaxpFE>

Hi Folks,

Daniel Migault <mglt.ietf@gmail.com> writes:

> I think the reason for SHOULD is to let time for implementations to
> integrate it,

Yes.

> but since that is already the case I agree we can have it to MUST.

Actually, I am aware of only ten implementations that have support for
curve25519-sha256 ... if you know of more, please let me know.

> This also aligns with recommended modern TLS profile from mozilla.

Is there an Informative Reference I should add to this draft to
reference the TLS profile?

Looking at this URL:

  https://ssh-comparison.quendi.de/comparison/kex.html

(which I suspect does NOT include all SSH implementations some of which
are commercial).

I will note that the count of SSH implementations in support of Key
Exchange algorithms is not entirely relevant to this IETF Draft
given the intent of the draft is to increase the implementations that
support the SHOULD algorithms.

My primary intent for this draft is to deprecate 'weak' key exchanges
and to try to promote at least one new Mandatory to Implement algorithm
as well as provide guidance from this community as to which key
exchanges are desirable for implementors to converge on using. It is my
hope that the 'best' key exchanges for each of FFC and ECC and IFC
algorithms. I fully expect this RFC to be replaced in a few years as
techniques to attack the key exchanges in this draft are found to be
weak or vulnerable.

 Count         Key exchange

    45         diffie-hellman-group1-sha1
    44         diffie-hellman-group14-sha1
    38         diffie-hellman-group-exchange-sha1
    35         diffie-hellman-group-exchange-sha256
    30         ecdh-sha2-nistp256
    25         ecdh-sha2-nistp521
    25         ecdh-sha2-nistp384
    14         curve25519-sha256@libssh.org
    10         diffie-hellman-group14-sha256
    10         curve25519-sha256
     9         diffie-hellman-group16-sha512
     7         diffie-hellman-group18-sha512
     5         rsa2048-sha256
     5         rsa1024-sha1
     4         gss-gex-sha1-*
     4         ext-info-c
     4         diffie-hellman-group15-sha512
     3         gss-group14-sha1-*
     3         gss-group1-sha1-*
     3         ecdh-sha2-1.3.132.0.10 (this is the ansip256k1 curve)
     3         diffie-hellman-group17-sha512
     3         diffie-hellman-group16-sha256
     3         diffie-hellman-group15-sha256
     3         curve448-sha512
     2         diffie-hellman-group18-sha512@ssh.com
     2         diffie-hellman-group16-sha512@ssh.com
     2         diffie-hellman-group16-sha384@ssh.com
     2         diffie-hellman-group15-sha384@ssh.com
     2         diffie-hellman-group15-sha256@ssh.com
     2         diffie-hellman-group14-sha256@ssh.com
     1         kexguess2@matt.ucc.asn.au
     1         gss-nistp521-sha512-*
     1         gss-nistp384-sha256-*
     1         gss-nistp256-sha256-*
     1         gss-group18-sha512-*
     1         gss-group17-sha512-*
     1         gss-group16-sha512-*
     1         gss-group15-sha512-*
     1         gss-group14-sha256-*
     1         gss-gex-sha256-*
     1         gss-curve448-sha512-*
     1         gss-curve25519-sha256-*
     1         gss-13.3.132.0.10-sha256-*
     1         ext-info-s
     1         diffie-hellman-group14-sha224@ssh.com
     1         diffie-hellman-group-exchange-sha512@ssh.com
     1         diffie-hellman-group-exchange-sha384@ssh.com
     1         diffie-hellman-group-exchange-sha224@ssh.com
     0         ecmqv-sha2

Of course, this draft will NOT be listing the 'private' @domain.name
exchanges.

	Be safe, stay healthy,
	-- Mark