Re: [Curdle] AD Review of draft-ietf-curdle-ssh-kex-sha2-09

"Mark D. Baushke" <mdb@juniper.net> Tue, 30 July 2019 22:17 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86FE912013F; Tue, 30 Jul 2019 15:17:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GQtR5GHw0tMU; Tue, 30 Jul 2019 15:17:02 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF562120113; Tue, 30 Jul 2019 15:17:02 -0700 (PDT)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6UMDn5K010756; Tue, 30 Jul 2019 15:17:02 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : date : message-id; s=PPS1017; bh=rRmiNxBpCkcwb4zBpy/fQhsXKRc+oCx9w4Xi9ol8D6o=; b=h7MynZXBZgspOyc6NZ/vUDVeyaZu/yyrXxUtRSVPvYg6KWQacRavgVOxtD5ggsEw7rz+ n4w9KyAOvTnSofiCLsYqfNIFfDunRXH9qN58ZnKP953XrwhTnyY4LYfXhRvmC2MhvNbm S9EIdLgUBunqUiiQVwwRVBaa3sAkdnXn02s+CWU/aaUHMSv/LT2sZVohPKM/L8tJDSIL AthHKXsrWs1orlXTE/E2UkCluf8sa5NLMqasV5CJh9rANVpfSt6RARystu0z4gGphXpL lisKsZb90BeCW8NsPwLDhE8JwLAIaGzoBupzWatR5eShLxY/NzMk86/M0Tfhad9siVyP sw==
Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp2050.outbound.protection.outlook.com [104.47.37.50]) by mx0a-00273201.pphosted.com with ESMTP id 2u2uwy08tp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 30 Jul 2019 15:17:01 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bQDvP1rB9SwsprnDDsVOUpPVVEI9GiUkz0CZMbATARS74c8lNqgj/3HWczY1wqV8QT6U/nhZ2MBbucK4u6dz/Qf8W35HotqhEr1TA5+6aeMxtyaKxxKVnGVv38f7w5fSCQY8fZTAeYwSJuISgeM8jIGElrzTse+PS1j79zk1mfDJA6YrEuUmoWztzB8GvCkrv5EpA1XyaB88OHSmwxix1UzWRvbJgbsdy1bxhbzohachLSn5h+HiHWN8fqZmNA+O4QirqNO7i/wrU6KcFnR3amuTnuGk7B2/jxCOqSO4dDMMri+suYugMnNYHr5I6xQgPdqCgYsGYXirvucs8hR9Ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rRmiNxBpCkcwb4zBpy/fQhsXKRc+oCx9w4Xi9ol8D6o=; b=g6PMghr7yISvmYgAseNSftwt/S7lMg9IeVCgWHAOvKVqHebgkj5EgfTJK+686aQ/VRZ84KKEdBb/LukV5bowePmQEQJGjeL9lwXqRfnoetS5dENDpAZM5xbrcO6h5UhXHJL8W00rQudZozz18cwAACWe/IrnItgfh3s/u7JbjfeKFVchiwV0Z2fhZQywyZh8B6OibCgriiNbFNCvRDr9BvB9GjfaIDFtwOQlKmXcY7SIVlfFC4lBDI3x+fwpX40wsBXrPM8MXDlP7XQOBvvqKdEyUI8z/pXp77YN3w/p02rY8+suivfA1C3nC8ZluqRRumiA3A6VHjthHtQQTTTx/w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.12) smtp.rcpttodomain=mit.edu smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=quarantine pct=100) action=oreject header.from=juniper.net;dkim=none (message not signed);arc=none
Received: from MN2PR05CA0004.namprd05.prod.outlook.com (2603:10b6:208:c0::17) by BN8PR05MB6564.namprd05.prod.outlook.com (2603:10b6:408:57::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.10; Tue, 30 Jul 2019 22:16:59 +0000
Received: from CO1NAM05FT035.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e50::200) by MN2PR05CA0004.outlook.office365.com (2603:10b6:208:c0::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.10 via Frontend Transport; Tue, 30 Jul 2019 22:16:59 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from P-EXFEND-EQX-01.jnpr.net (66.129.239.12) by CO1NAM05FT035.mail.protection.outlook.com (10.152.96.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2136.7 via Frontend Transport; Tue, 30 Jul 2019 22:16:59 +0000
Received: from P-EXBEND-EQX-02.jnpr.net (10.104.8.53) by P-EXFEND-EQX-01.jnpr.net (10.104.8.54) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 30 Jul 2019 15:16:58 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-02.jnpr.net (10.104.8.53) with Microsoft SMTP Server (TLS) id 15.0.1367.3 via Frontend Transport; Tue, 30 Jul 2019 15:16:58 -0700
Received: from contrail-ubm16-mdb.svec1.juniper.net ([10.163.18.199]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id x6UMGvPH013368; Tue, 30 Jul 2019 15:16:57 -0700 (envelope-from mdb@juniper.net)
To: Benjamin Kaduk <kaduk@mit.edu>
CC: <draft-ietf-curdle-ssh-kex-sha2.all@ietf.org>, curdle <curdle@ietf.org>
In-Reply-To: <20190730214600.GR47715@kduck.mit.edu>
References: <CABcZeBO9yTFwc0aUBoMOEbESbxaPiPHpGFTpBH=5RKJogLS2vg@mail.gmail.com> <20190730214600.GR47715@kduck.mit.edu>
Comments: In-reply-to: Benjamin Kaduk <kaduk@mit.edu> message dated "Tue, 30 Jul 2019 16:46:01 -0500."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <31216.1564525017.1@contrail-ubm16-mdb.svec1.juniper.net>
Date: Tue, 30 Jul 2019 15:16:57 -0700
Message-ID: <31217.1564525017@contrail-ubm16-mdb.svec1.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(4636009)(396003)(136003)(39860400002)(376002)(346002)(2980300002)(189003)(199004)(68736007)(126002)(356004)(23726003)(316002)(8676002)(4744005)(476003)(426003)(86362001)(50226002)(8936002)(117636001)(47776003)(11346002)(70586007)(50466002)(478600001)(70206006)(81156014)(486006)(229853002)(446003)(336012)(97756001)(4326008)(2906002)(54906003)(53936002)(5660300002)(81166006)(2171002)(46406003)(6246003)(69596002)(16586007)(97876018)(26005)(6916009)(186003)(305945005)(76176011)(7696005)(62816006); DIR:OUT; SFP:1102; SCL:1; SRVR:BN8PR05MB6564; H:P-EXFEND-EQX-01.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 05a085d6-fa3e-44bb-2763-08d7153ba3ed
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(4710121)(4711136)(1401327)(2017052603328); SRVR:BN8PR05MB6564;
X-MS-TrafficTypeDiagnostic: BN8PR05MB6564:
X-Microsoft-Antispam-PRVS: <BN8PR05MB65649D2106151DC389F346D8BFDC0@BN8PR05MB6564.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-Forefront-PRVS: 0114FF88F6
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: NOyJgpdH2/CNWOpmk2UDAymjXwvYEd4HRYVxB0Me958/TSx82Eynk9WEhnlQvxNjwSM+q4cRP3vJhYrDdhQPtim3xw/Zq1KMLIBHBsTaQAmpDKzoyekCRgNhEXlsY1VCaQH2O/ow/eZzG9SXOwyWfxBpeW4Cwz27Q8+hjP3PxwAp6a/QPz4sMxhelGwCqb00M94fD2H2OTvPe1c9Zculs8ACAUcaR+HWmXjViwhsz6kaaBFzVPb+um/l/KUz/kAHWKI/C+sBiSfudSuTrJDcU9PhjwrE5aHW0M5M9+9TKWnjcPVB+BHHUunJfAwZ4DANvhYA44KmxN86BPTQkDjvVYBBtNvvgu6gDB2SLwLjM1Ls/CmqJEoZlqtRrQY7STc56/Eu+X6VDgxVFpqNHs5Ua3+C/K/9tPr419JFPrPWA8g=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jul 2019 22:16:59.1935 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 05a085d6-fa3e-44bb-2763-08d7153ba3ed
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[P-EXFEND-EQX-01.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR05MB6564
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-30_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=702 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1907300222
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/Bmt_100BMUuVyUhNyNzVPVyGvlY>
Subject: Re: [Curdle] AD Review of draft-ietf-curdle-ssh-kex-sha2-09
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 22:17:05 -0000

Hi Ben,

I did send private email to Eric suggesting that this draft should wait
until the other drafts had been published and all of CURdle could come
to consensus on what needs to be recommended or not.

My goal was to have a vehicle to deprecate diffie-hellman-group1
completely from a REQUIRED group to one that should not be supported and
the rest of the document was trying more to be a best practice document.
(I suspect it failed at conveying that.)

	-- Mark