Re: [Curdle] [Technical Errata Reported] RFC9142 (7799)
mbaushke ietf <mbaushke.ietf@gmail.com> Wed, 07 February 2024 16:20 UTC
Return-Path: <mbaushke.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 277BCC14F6AC for <curdle@ietfa.amsl.com>; Wed, 7 Feb 2024 08:20:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xqyB4v11hjd3 for <curdle@ietfa.amsl.com>; Wed, 7 Feb 2024 08:20:52 -0800 (PST)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F332C14F6B1 for <curdle@ietf.org>; Wed, 7 Feb 2024 08:20:52 -0800 (PST)
Received: by mail-pg1-x52d.google.com with SMTP id 41be03b00d2f7-5c6bd3100fcso615147a12.3 for <curdle@ietf.org>; Wed, 07 Feb 2024 08:20:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707322851; x=1707927651; darn=ietf.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=hMADVhvnM/kpuqT+BlJmjTt3jW7engYxtIpLdv2lCgM=; b=gy10yoJu6WtJxegckAb/+wsGmva/GRfP0GJU/xHHmPeI5fMhTxTzjofMc7nrmtFNt2 APGNOZjwgjqCOPXbCL5ALGehf4puIYvbs9PtuK8I2UCA1TZdRitMscwdSO0T2t4nliqt tNJTcee7Fp2xZpuPduE3AuQBzHU6D7xlP3a0LIwzRjFRosZ4VzY4ExU9YAYOxxxwblXk OCR+iWptB7gvKZg9LqoQBqSkvXp1yelPekynB7pgdP0BGsCH1ZwBf5oQ/DTteOzfhnFf R20eqEDeQf63DcXwjWlbt6oGrFfEgpVNJSl1CcZpyFIM4G9mkbzRG5IC9WKG/ghjtOsy Rgig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707322851; x=1707927651; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hMADVhvnM/kpuqT+BlJmjTt3jW7engYxtIpLdv2lCgM=; b=g7Fw3ijldEPl+t/EgXLFzgf8OGhvHgyI6FAPbilc3B8B5Y3KrezHYL417qdBDlXXb1 bSTHAjc4Tw2UaAB9YJZbcgQO3EyA4F3pjbkUCSty3l8d0RsRhdXRS5Ls45cHcdVO2npr wZDWMx4zO7dVzQ3rQ3J7m8Kp9XLUALv29MQh8n5auNO56es5h5/hLVNiQphwqhplKRBZ xH9fici0sSmzGjmGIRqYvOyGOOkNEqhYklYQucnTsmlrTDpAfxSb6Vbjq+T9GCgTBvIs mW2lWHdm6B6YQre/VE4LsBtuyMmMHR1eIi7pq5JitckrmyHRaUAYVaDbxUXdHWdlVBYo s3tg==
X-Gm-Message-State: AOJu0YzJcauQ0qdbsLNQ+7tTeEAclaOVihXogw7pBK76X5H8xw8I/myh Lv+Fx2hDi9amSN5zoZn8UXQlBggR8l3sCv9xpeC7kYP07LrsFK5j
X-Google-Smtp-Source: AGHT+IEJnVaTjcFP1NhnVTzYqgfOB9azRS3unJFJugiAZ55TN4ICorh6a2tXN9tlr8beJagHD/9SRQ==
X-Received: by 2002:a05:6a20:979a:b0:19e:40d8:7112 with SMTP id hx26-20020a056a20979a00b0019e40d87112mr5303888pzc.6.1707322851197; Wed, 07 Feb 2024 08:20:51 -0800 (PST)
X-Forwarded-Encrypted: i=1; AJvYcCUPg5XNExV9RJe38oeBE0MJ/ahx1KUJoIniK4QY/FqJROMoTWjF7Hlz8Q3M52iW6gtbCwyhGkPqWP/lHhfo7nC6HKoRyTbs3+/ZjH2lcKG25R3DbAzX2IZM/uGmMlECa6hLjzxwWFrGP4pHLF2xXWD+MHsdbz+M5RHMw/Ygh+xT3pAZP54lA7pVlCg95Kvt32qbsRZh0daD/YRUL0Svk5syityaqdwP239V4F735JJXa5dL
Received: from smtpclient.apple (c-98-42-218-139.hsd1.ca.comcast.net. [98.42.218.139]) by smtp.gmail.com with ESMTPSA id n29-20020a056a000d5d00b006e0322f072asm1776695pfv.35.2024.02.07.08.20.50 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Feb 2024 08:20:50 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
From: mbaushke ietf <mbaushke.ietf@gmail.com>
In-Reply-To: <20240207151307.56DF718F0F68@rfcpa.amsl.com>
Date: Wed, 07 Feb 2024 08:20:49 -0800
Cc: rdd@cert.org, paul.wouters@aiven.io, daniel.migault@ericsson.com, rsalz@akamai.com, ben.s3@ncsc.gov.uk, curdle@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3716D01F-FF03-4DB1-8127-7576E307F160@gmail.com>
References: <20240207151307.56DF718F0F68@rfcpa.amsl.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/JDolrGVgoeqSe5Ve1AS69CPkx0Y>
Subject: Re: [Curdle] [Technical Errata Reported] RFC9142 (7799)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 16:20:56 -0000
The suggested revision is correct.
The nistp521 curve provides 256 bits of estimate security strength.
Please approve the update.
-- M. Baushke (author of RFC9142)
> On Feb 7, 2024, at 7:13 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
>
> The following errata report has been submitted for RFC9142,
> "Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7799
>
> --------------------------------------
> Type: Technical
> Reported by: Ben S <ben.s3@ncsc.gov.uk>
>
> Section: 1.2.1
>
> Original Text
> -------------
> +============+=============================+
> | Curve Name | Estimated Security Strength |
> +============+=============================+
> | nistp256 | 128 bits |
> +------------+-----------------------------+
> | nistp384 | 192 bits |
> +------------+-----------------------------+
> | nistp521 | 512 bits |
> +------------+-----------------------------+
> | curve25519 | 128 bits |
> +------------+-----------------------------+
> | curve448 | 224 bits |
> +------------+-----------------------------+
>
> Corrected Text
> --------------
> +============+=============================+
> | Curve Name | Estimated Security Strength |
> +============+=============================+
> | nistp256 | 128 bits |
> +------------+-----------------------------+
> | nistp384 | 192 bits |
> +------------+-----------------------------+
> | nistp521 | 256 bits |
> +------------+-----------------------------+
> | curve25519 | 128 bits |
> +------------+-----------------------------+
> | curve448 | 224 bits |
> +------------+-----------------------------+
>
> Notes
> -----
> P-521 has approximately 256 bits of security (rather than 512), as per Table 1 of Section 6.1.1 of FIPS 186-5, and Section 9 Paragraph 5 of RFC 5656.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC9142 (draft-ietf-curdle-ssh-kex-sha2-20)
> --------------------------------------
> Title : Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
> Publication Date : January 2022
> Author(s) : M. Baushke
> Category : PROPOSED STANDARD
> Source : CURves, Deprecating and a Little more Encryption
> Area : Security
> Stream : IETF
> Verifying Party : IESG
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
- [Curdle] [Technical Errata Reported] RFC9142 (779… RFC Errata System
- Re: [Curdle] [Technical Errata Reported] RFC9142 … Russ Housley
- Re: [Curdle] [Technical Errata Reported] RFC9142 … mbaushke ietf
- Re: [Curdle] [Technical Errata Reported] RFC9142 … Paul Wouters
- Re: [Curdle] [Technical Errata Reported] RFC9142 … Deb Cooley
- Re: [Curdle] [Technical Errata Reported] RFC9142 … Paul Wouters