Re: [Curdle] new-AD review comments on draft-ietf-curdle-gss-keyex-sha2-08
Benjamin Kaduk <kaduk@mit.edu> Wed, 08 May 2019 15:52 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7E7C1200DF; Wed, 8 May 2019 08:52:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VWY0Ue1l7wbL; Wed, 8 May 2019 08:52:14 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04BB6120136; Wed, 8 May 2019 08:52:13 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x48FqApQ031087 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 8 May 2019 11:52:12 -0400
Date: Wed, 08 May 2019 10:52:09 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: curdle@ietf.org, draft-ietf-curdle-gss-keyex-sha2@ietf.org
Message-ID: <20190508155209.GD30884@kduck.mit.edu>
References: <20190508150604.GB30884@kduck.mit.edu> <15353.1557330147@contrail-ubm16-mdb.svec1.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <15353.1557330147@contrail-ubm16-mdb.svec1.juniper.net>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/L9A-lLzI_nh_LlS4MWIRi_ZgQbo>
Subject: Re: [Curdle] new-AD review comments on draft-ietf-curdle-gss-keyex-sha2-08
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 15:52:18 -0000
Hi Mark, On Wed, May 08, 2019 at 08:42:27AM -0700, Mark D. Baushke wrote: > Hi Ben, > > In RFC 8268, I tried (and apparently failed) to say that the NSA IAD > appears to prefer the use of SHA2-384 for TOP SECRET documents, but that > the SHA2-256, SHA2-384, and SHA2-512 hashing functions are all NIST > approved for FIPS 140-2 Implementation Guidance. Given that 8268 still uses SHA-256 it is clearly not forbidden to do so; my comment here was mostly of an editorial nature, that the word "rationale" does not seem to match up well with the reference. I don't think we need to change what we're doing in this document; we just may want to change how we talk about what we're doing. > The rationale for SHA2-384 being 'better' for TOP SECRET is apparently > that there are 1024 bits in the internal state of the hashing algorithm, > so 640 bits are kept private while for SHA2-256 there are 512 bits in > the internal state, half of which are public and half of which are > private. > > The only weak DH group which should be deprecated is the > diffie-hellman-group1-sha1 and that mostly because of logjam > (https://en.wikipedia.org/wiki/Logjam_(computer_security). I'm not opposed to adding that in to this document (instead of removing the bit from the abstract), but it might require another IETF LC if we choose to go that route. > I have been remiss in addressing the AD comments and submitting an > updated draft of draft-ietf-curdle-ssh-curves (Secure Shell (SSH) Key > Exchange Method using Curve25519 and Curve448), so there is no RFC > listing for those key exchange methods in the IANA repository (URL: > https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml ). > > I have not yet compared RFC7748 to the implementations of Curve25519 > that exist in many SSH implementations which is one of the reasons that > draft-ietf-curdle-ssh-curves has not been updated. The draft was trying > to document a well deployed curve25519@libssh.org to ensure > interoperability. Thanks for the extra background; let's hope that we can both find some time to work on our respective backlogs :) -Ben
- [Curdle] new-AD review comments on draft-ietf-cur… Benjamin Kaduk
- Re: [Curdle] new-AD review comments on draft-ietf… Mark D. Baushke
- Re: [Curdle] new-AD review comments on draft-ietf… Benjamin Kaduk
- Re: [Curdle] new-AD review comments on draft-ietf… Hubert Kario
- Re: [Curdle] new-AD review comments on draft-ietf… Simo Sorce
- Re: [Curdle] new-AD review comments on draft-ietf… Benjamin Kaduk
- Re: [Curdle] new-AD review comments on draft-ietf… Benjamin Kaduk