Re: [Curdle] draft-ssorce-gss-keyex-sha2-00

"Mark D. Baushke" <mdb@juniper.net> Mon, 17 April 2017 05:15 UTC

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
To: Simo Sorce <simo@redhat.com>, Hubert Kario <hkario@redhat.com>
CC: curdle@ietf.org
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sun, 16 Apr 2017 22:15:08 -0700
Message-ID: <39113.1492406108@eng-mail01.juniper.net>
Sender: mdb@juniper.net
MIME-Version: 1.0
Content-Type: text/plain
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2017 05:15:25.1613 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR05MB2483
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/DHaXn85tAA4WAvYUYiHtVwCiHcA>
Subject: Re: [Curdle] draft-ssorce-gss-keyex-sha2-00
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2017 05:15:29 -0000

Hi Simo & Hubert,

Regarding your draft:
https://www.ietf.org/id/draft-ssorce-gss-keyex-sha2-00.txt

The reference to the -05 I-D.ietf-curdle-ssh-kex-sha2 should probably be
replaced with a reference to draft-ietf-curdle-ssh-modp-dh-sha2-04

Likewise, I-D.draft-ietf-curdle-ssh-curves-00.xml should become
I-D.draft-ietf-curdle-ssh-curves-04.xml for now.

I am somewhat curious why the same curves identified in RFC5656 as
nistp256, nistp384, and nistp521 are being called secp256r1, secp384r1,
secp521r1 in your draft in section 6. Is there a good reason to select
this form of the names?

I will note that gss-secp384r1-sha512-* should probably be
gss-secp384r1-sha384-* to be consistent with how RFC5656
felt security should be handled.

I do know that there is some controversy about supporting SHA2-384
rather than SHA2-256 and SHA2-512, but it has been argued that SHA2-384
does not expose as much of its internal state as does SH2-512 and that
it aligns more closely with the nistp384 curve.

	-- Mark

Re: [Curdle] draft-ssorce-gss-keyex-sha2-00 Mark D. Baushke
Re: [Curdle] draft-ssorce-gss-keyex-sha2-00 Mark D. Baushke
Re: [Curdle] draft-ssorce-gss-keyex-sha2-00 Hubert Kario
Re: [Curdle] draft-ssorce-gss-keyex-sha2-00 Simo Sorce