Re: [Curdle] Last Call: <draft-ietf-curdle-ssh-kex-sha2-14.txt> (Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)) to Proposed Standard

denis bider <> Thu, 25 February 2021 19:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4EE493A1F2E; Thu, 25 Feb 2021 11:51:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NPCuP-UdcRnO; Thu, 25 Feb 2021 11:51:47 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3A5A93A1F2B; Thu, 25 Feb 2021 11:51:47 -0800 (PST)
Received: by with SMTP id f33so6857652otf.11; Thu, 25 Feb 2021 11:51:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=o6kUKhOSt/UqzDdAJj/7CNVdfLwy/W/XgqUvV6kQxHw=; b=F8yI0Sd0c9D7DCMulBZ/N1xnGGPnYvTsi/weoAheCv32G1/6VBDZ1OkPp7LE2htSsl 1P2BeOGobr8/Nat/0tANIX4XaJac3Bc1pNvMvV8wW9RwbLlQ+Me+3ELaHZPAV1ne1sYb IK7ttioE1MPIEtpEyhPnF8bZ3LPEKRA73PHyQyla8NWm0U3Ucvok9vf4ZdnaDdWKwrSc U5fh/GSung2lFDBr+oIfFplnT0x90FW5Grtfzkk17y9dSgsBZxy5vb63oyEqs/QKxnUi Xzj9uC1d2Cq5Q5l2CzdxpjB1ilY12DceBS6M8QdnoGJD9TSyWkeX0eLPg+wCkAdMgE6y lIYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=o6kUKhOSt/UqzDdAJj/7CNVdfLwy/W/XgqUvV6kQxHw=; b=eEGy4EU0feYTJBqvpAqBlH2XTRby+c3j6bApNxUV36O2MZzeaYpm2Ncc1biGbOnWBU V+lEaQU7USAueSwy0wkyzJwJqSdQYUIgn2EhvV0Qk6whS8nwSWT8Kbs4zrjPjX6Hp9Lc JbWjfdaMgPIRu2mOpISHchq4wYRcFx3C5wHUxjPWGANBnnrQHLe0Fe4i9ClbtWOwQRUa REpia7O+ck01LGj7GnUueRW9u3m0jIKaQX1A1dkj4Zz/Abu/WkBa1dwqjCkh35JkNmAK HaoSFlCp/PEMCEnUcv+Snk+jOF7bbufxZ7kWS1zlRfm2aM3co0mCbZkldQ0VWvgOCvqj +lQA==
X-Gm-Message-State: AOAM533aifncV8JkErQp5kcqzY8ZMPatCvkjrh5E3nzMorIQ92JZrCon 8n1XdwlvoW9luL4OIWhliSWf30YtyYMGAu22qr13DZd6
X-Google-Smtp-Source: ABdhPJzJjVCeqegz1U7/XP3OLskMIFNnZeQcuRMSguRqwYyIM4inNJpTXLQf6efdNmzjGBBapRXeU8ObsuQYLzufP3c=
X-Received: by 2002:a9d:4b1a:: with SMTP id q26mr1888110otf.117.1614282706555; Thu, 25 Feb 2021 11:51:46 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <> <> <> <>
In-Reply-To: <>
From: denis bider <>
Date: Thu, 25 Feb 2021 13:51:35 -0600
Message-ID: <>
To: "Salz, Rich" <>
Cc: Rene Struik <>, "Mark D. Baushke" <>, "" <>, "" <>, "" <>, "" <>, Daniel Migault <>
Content-Type: multipart/alternative; boundary="0000000000004a95eb05bc2e7b50"
Archived-At: <>
Subject: Re: [Curdle] Last Call: <draft-ietf-curdle-ssh-kex-sha2-14.txt> (Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)) to Proposed Standard
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 25 Feb 2021 19:51:49 -0000

With regard to recent comments on this draft by Rene and Mališa:

- A number of the comments are welcome improvements. They will improve the
quality of the document and can be accommodated without substantially
resetting progress on the draft.

- Some other comments are fairly fundamental. For those things to be
seriously looked at, progress on the draft has to be effectively reset, and
a new consensus has to be sought.

A reason this draft has already taken as long as it has is that consensus
is difficult to achieve about a document that covers all of the SSH key
exchanges and attempts to make normative remarks. Now, reviewers who never
previously looked at this have different opinions about decisions that were
subject to prolonged discussions and consensus votes. These reviewers
appear to expect their views to be considered alongside the consensus -
perhaps to override it, invalidate it, correct it, or something of the sort.

I propose that reviews at this late stage should focus on changes that are
appropriate for this late stage, not changes that require a return to the
drafting board. If people have personal opinions about how things should be
done in SSH, then maybe they should get involved before last call.


On Thu, Feb 25, 2021 at 10:18 AM Salz, Rich <rsalz=> wrote:

>    - I do not have any fish to fry here, but I thought IETF Last-Call was
>    to get wider community feedback.
> I like that phrase. :)
> >The WGLC was June 14, 2017 on rev08, more than 3 1/2 years ago, so
> perhaps some perceptions may have changed since then. The draft also
> changed [1].
> And we had WG discussion on the changes. And a poll (
> about
> some of the issues.
> As for bad algorithms not being MUST NOT, the feeling was that we needed
> to have a transition period.
> Just trying to provide some context. I appreciate your feedback, as
> always, you’re quite good. :)
> _______________________________________________
> Curdle mailing list