Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2
Tero Kivinen <kivinen@iki.fi> Wed, 29 March 2017 16:08 UTC
Message-ID: <22747.56331.274710.114550@fireball.acr.fi>
Date: Wed, 29 Mar 2017 19:08:43 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "Mark D. Baushke" <mdb@juniper.net>, "Salz, Rich" <rsalz@akamai.com>, curdle <curdle@ietf.org>
In-Reply-To: <1490771481840.11723@cs.auckland.ac.nz>
References: <CADZyTkmr0WF3BOBby3rObBGGQaqMUq=0Ssc7NB9PAgPFDrk7dA@mail.gmail.com> <30381.1490720068@eng-mail01.juniper.net> <6ab576118c6945f4ba888dd403cf2471@usma1ex-dag1mb1.msg.corp.akamai.com> <1490766071333.6018@cs.auckland.ac.nz> <57287.1490768257@eng-mail01.juniper.net> <1490771481840.11723@cs.auckland.ac.nz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/F34Gn9yysiKgBppFFVzjvbOtvKA>
Peter Gutmann writes:
> You do however need to get one or more people to actually verify them. Until
> I asked about this a few years ago and Henrick Hellström (who probably doesn't
> work for the NSA or CIA :-) kindly obliged by running the tests, I don't know
> if anyone else had ever independently verified the values in RFC 2409 and 3526
> (someone may have, but if they did they didn't publish the fact).

I did verify the RFC 2409 primes (768, 1024, and 1536 bit groups) when
I generated RFC 3526. I do not know if anybody else has verified the
RFC 3526 primes.

I did verify the RFC 7919 groups at the Honolulu IETF, and there was even
a typo in the draft at that point:
https://www.ietf.org/mail-archive/web/tls/current/msg15716.html

I also have a page with primality proofs for the IKE and TLS groups on
my web page: https://kivinen.iki.fi/primes/

> Uhh, that's kinda missing the point, you want values that *won't* be adopted
> by everything else out there. Unless you compartmentalised and said "these
> values are for SSH, these are for SSL, these are for IKE, these are for
> everything else". I certainly don't want my SSH keyex to become collateral
> damage in some government agency that really just set out to break IKE, or
> VoIP, or SSL.

Actually breaking SSH is much more useful than breaking IKE or TLS. The
first time the administrator types sudo and his root password inside his
ssh connection, the stored SSH stream becomes very valuable for the
attacker... Breaking IKE and TLS will most likely just give some boring
email text from the IETF mailing lists :-)
-- 
kivinen@iki.fi
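The verification discussed in this message (independently recomputing the RFC 2409 / RFC 3526 MODP primes and checking them) as an added example in Python. This is not code from the message, from the thread, or from the primes page linked above; the Machin-formula pi routine, the Miller-Rabin round count and the `check_group` / `verify_published` helpers are this example's own choices. The (shift, offset) formula parameters and the 1024-bit hex value are copied from the RFC text; the formula reconstructs each prime from pi rather than trusting the printed hex, which is what catches the kind of draft typo mentioned above.

```python
import random

# Added example, not code from the message or from https://kivinen.iki.fi/primes/.
# RFC 2409 and RFC 3526 define each prime as
#   p = 2^bits - 2^(bits-64) - 1 + 2^64 * ( floor(2^shift * pi) + offset )
# so an independent verifier can rebuild p from pi and compare it with the
# published hex, then check: p prime, q = (p-1)/2 prime (safe prime), and
# g = 2 has order q.  (shift, offset) per size as printed in the RFCs.
MODP_FORMULA = {
    768:  (638, 149686),    # RFC 2409, First Oakley Group
    1024: (894, 129093),    # RFC 2409, Second Oakley Group
    1536: (1406, 741804),   # RFC 3526, group 5
    2048: (1918, 124476),   # RFC 3526, group 14
}

# The 1024-bit value as printed in RFC 2409 (Second Oakley Group).
RFC2409_GROUP2_HEX = (
    "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74"
    " 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437"
    " 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED"
    " EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF"
)


def pi_floor(shift, guard=64):
    """Return floor(pi * 2**shift) using Machin's formula
    pi = 16*arctan(1/5) - 4*arctan(1/239) in fixed-point integer arithmetic.
    The `guard` extra bits absorb the truncation error of the series terms."""
    scale = 1 << (shift + guard)

    def arctan_recip(x):
        total, term, k, sign = 0, scale // x, 1, 1
        x2 = x * x
        while term:
            total += sign * (term // k)
            term //= x2
            k += 2
            sign = -sign
        return total

    return (16 * arctan_recip(5) - 4 * arctan_recip(239)) >> guard


def modp_prime(bits):
    """Rebuild p for the given size from the RFC formula."""
    shift, offset = MODP_FORMULA[bits]
    return (1 << bits) - (1 << (bits - 64)) - 1 + (1 << 64) * (pi_floor(shift) + offset)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases, after trial division by small primes."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group(p, g=2, rounds=16):
    """Safe-prime group checks: p prime, q=(p-1)/2 prime, g generates the order-q subgroup."""
    q = (p - 1) // 2
    return {
        "p_prime": is_probable_prime(p, rounds),
        "q_prime": is_probable_prime(q, rounds),
        "g_order_q": 1 < g < p - 1 and pow(g, q, p) == 1,
    }


def verify_published(hex_text, bits):
    """Parse a published hex value, compare it with the formula, and run the group checks."""
    p = int("".join(hex_text.split()), 16)
    result = check_group(p)
    result["bit_length_ok"] = p.bit_length() == bits
    result["matches_formula"] = p == modp_prime(bits)
    result["ok"] = all(result.values())
    return result


if __name__ == "__main__":
    for bits in sorted(MODP_FORMULA):
        print(bits, check_group(modp_prime(bits)))
    print("RFC 2409 group 2:", verify_published(RFC2409_GROUP2_HEX, 1024))
```

Miller-Rabin only gives a probabilistic answer; a primality proof of the kind published on the page linked in the message needs a certificate (for example an ECPP or Pocklington-style proof) rather than random-base testing, so this script is the cheap first check, not a substitute for that proof. Corrupting a single hex digit of the published value makes `matches_formula` false immediately, and because the low 64 bits of every one of these primes are all ones, a typo in the last word also tends to produce an even number that fails `p_prime` as well.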