Re: [Curdle] draft-ietf-curdle-ssh-kex-sha2 and diffie-hellman-group1-sha1 (1024-bit DH)
Damien Miller <djm@mindrot.org> Thu, 20 July 2017 01:00 UTC
Date: Thu, 20 Jul 2017 10:59:39 +1000
From: Damien Miller <djm@mindrot.org>
To: "Mark D. Baushke" <mdb@juniper.net>
cc: curdle@ietf.org

On Mon, 17 Jul 2017, Mark D. Baushke wrote:

> Hi Tero,
>
> Tero Kivinen <kivinen@iki.fi> writes:
>
> > I think it is bad idea to go from MUST to implement algorithm to MUST
> > NOT implement in one step. Especially as this will make all current
> > ssh implementations non-conforming as they do still implement
> > diffie-hellman-group1-sha1 even when it might be disabled by default.
>
> I see your point.
>
> > We are defining here a MUST implement and MUST not implement, not MUST
> > use and MUST NOT use recommendations.
>
> For reference, there are five key exchanges that
> draft-ietf-curdle-ssh-kex-sha2-08 marks as "MUST NOT"
>
> Key Exchange Method Name           Reference  Implement
> ---------------------------------- ---------- ---------
> diffie-hellman-group1-sha1         RFC4253    MUST NOT
> diffie-hellman-group-exchange-sha1 RFC4419    MUST NOT
> gss-gex-sha1-*                     RFC4462    MUST NOT
> gss-group1-sha1-*                  RFC4462    MUST NOT
> rsa1024-sha1                       RFC4432    MUST NOT
>
> Of these, only diffie-hellman-group1-sha1 is moving from MUST to MUST
> NOT. Due to 1024-bit Diffie-Hellman being considered by many as having
> too little security (the same would be true of gss-group1-sha1-*).
>
> What transition period is desirable for taking group1 "MUST" to "SHOULD
> NOT" to "MUST NOT" ? Is it possible to codify both "SHOULD NOT" and
> "MUST NOT" time frames into one RFC?

Anecdata: OpenSSH has disabled diffie-hellman-group1-sha1 by default
for approximately two years in the client and for considerably longer
in the server.

Opinion: there's still enough old junk out there that optional support
for diffie-hellman-group1-sha1 is probably necessary for a while longer.
IMO this is probably worth an explicit note in the draft.

-d