Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?

"Mark D. Baushke" <mdb@juniper.net> Mon, 13 July 2020 21:58 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D86463A0DF6 for <curdle@ietfa.amsl.com>; Mon, 13 Jul 2020 14:58:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=ILCIwqoz; dkim=pass (1024-bit key) header.d=juniper.net header.b=Say6m+aW
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gqWXAupgalXE for <curdle@ietfa.amsl.com>; Mon, 13 Jul 2020 14:58:12 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6340E3A0DBD for <curdle@ietf.org>; Mon, 13 Jul 2020 14:58:11 -0700 (PDT)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 06DLvxg8017359; Mon, 13 Jul 2020 14:58:10 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : subject : in-reply-to : references : from : mime-version : content-type : content-id : date : message-id; s=PPS1017; bh=UxcH+Zbjm7y91LfAHCz0FNLXNOe+A+JWL+hZ0yl9CII=; b=ILCIwqoz+cfvW5iUgMaB3pB9L/yua8464Dw2dMUUIyZVPaL/VoeKZ7PEUEryM62F56yB 5P3e3vXv/MicKoGvIQX+va7Y2odGgHSZ0WtmUJXHLZIeqBfgFnTDjgIQdlQa7lBhOWsM fqEC1pSu2Amac/RQUAanCFTZufWX+wMsLbc35H1hlyQtVQ2h0wAfc4VXTFvFhI5OOun8 VytZQi+Q63yqpMFmlRzPQAXqLUpcnInQRqx/ya3QNFqU+f9puy6jKPWftOgwyjHG5aUE TO+lFQyOArE0SiEV/XbFLPfkBVnFGeEymCiliUaQMbLvbwBMO5u50xDPsLXnJoeLc2bb Gg==
Received: from nam02-cy1-obe.outbound.protection.outlook.com (mail-cys01nam02lp2050.outbound.protection.outlook.com [104.47.37.50]) by mx0b-00273201.pphosted.com with ESMTP id 327bp93exs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Jul 2020 14:58:10 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F07sLbVUf34yXxkcYiKHc1WYuuCPQJRgRPIPLP4AxWB6dFdr+4zD7xAZ0wlet+kbZdVp+6ILPJKfDK0s605bNgy9Xpi8JODzgtq3jRgkMCY0SJcXZpKPdS9j9zIC3K0d8zG9k5ahU4fjZDOt3qii0mN5wS2iogtmEkMqozKZkSFfdMfGNrrC+hZEs3r4UpnJ6kkbQxXp6y0jA+SF8DaPli2Sziy8jd9OqR5pEDvL3pE+tYOUWHj04E/vEfgAvIrHVsnBhmGfQKZkyGJ0UgWkSP+DoOTVo3VmiYhnYxxVhNL5Q9TmCYn8eo3iTkGRe+GSDhyiMQctvsoUKeR8cv6FSw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UxcH+Zbjm7y91LfAHCz0FNLXNOe+A+JWL+hZ0yl9CII=; b=BtefYn4g1tS5rEj+pSCDbuae40DhZ1E3wgbjijYbe1D6jcwfD7FMREgAQsmf68e/Vb7dqMZ1k34MlnVZ0+RvOl8qP/rkd4LZANq6cAquduVDPpS11higO2QCbgg9fV//WCQEgFyJIg78e690+GveU9qLGt0wqCeyrjNtO7JgggbGt2nAzbf+/JK5rETvbKDc3PUugUUL39Ll4k1BnllnUjqLUbEoVeXdEo4FYDKnrsFIW8dxNFdWsKBFL9BvyExpL9P429e+MF3KdDNShjYOLPxY1mdInmd3sso0+b7y5qyDUUeJgLDM/2tSZSm9D30LAtwGZM4tu9YZQdwqaifHIQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.13) smtp.rcpttodomain=netbsd.org smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UxcH+Zbjm7y91LfAHCz0FNLXNOe+A+JWL+hZ0yl9CII=; b=Say6m+aWqXUxy4WN5BB6DpNqDdjBx6pzAlf8/ILk810oEOuV7Zb9zDaP82+JK+Wa1iSAY31obeu0SHpGnTdGnBNSeNFMiuNf+/SdmcrFEfIzvrtpz1akqOqqCoSpi1TQETA6jdGIw4rFoPdc7HAmr0+Z0th5HGmiXW+XcjXZn28=
Received: from CO2PR04CA0189.namprd04.prod.outlook.com (2603:10b6:104:5::19) by MWHPR05MB3006.namprd05.prod.outlook.com (2603:10b6:300:63::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.9; Mon, 13 Jul 2020 21:58:08 +0000
Received: from CO1NAM05FT050.eop-nam05.prod.protection.outlook.com (2603:10b6:104:5:cafe::6e) by CO2PR04CA0189.outlook.office365.com (2603:10b6:104:5::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.20 via Frontend Transport; Mon, 13 Jul 2020 21:58:08 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 66.129.239.13) smtp.mailfrom=juniper.net; NetBSD.org; dkim=none (message not signed) header.d=none;NetBSD.org; dmarc=fail action=oreject header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.13 as permitted sender)
Received: from P-EXFEND-EQX-02.jnpr.net (66.129.239.13) by CO1NAM05FT050.mail.protection.outlook.com (10.152.96.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3195.9 via Frontend Transport; Mon, 13 Jul 2020 21:58:07 +0000
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 13 Jul 2020 14:58:07 -0700
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 13 Jul 2020 14:58:06 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 13 Jul 2020 14:58:06 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [10.160.0.88]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 06DLw5H9023026; Mon, 13 Jul 2020 14:58:05 -0700 (envelope-from mdb@juniper.net)
To: <curdle@ietf.org>, <ietf-ssh@NetBSD.org>
In-Reply-To: <202007132140.RAA29842@Stone.Rodents-Montreal.ORG>
References: <CADPMZDB8oXAg0g0oJvZmkK1XPhb28SQPnxwRmL9umzFXkH0ogQ@mail.gmail.com> <2306.1594546601@eng-mail01.juniper.net> <CAOp4FwQMcNHRd65U1A+zfT1Xyrqv7+kHU_Lh1tqMGsBQB2LrVA@mail.gmail.com> <53536.1594666321@eng-mail01.juniper.net> <202007131952.PAA23582@Stone.Rodents-Montreal.ORG> <57588.1594673627@eng-mail01.juniper.net> <202007132140.RAA29842@Stone.Rodents-Montreal.ORG>
Comments: In-reply-to: Mouse <mouse@Rodents-Montreal.ORG> message dated "Mon, 13 Jul 2020 17:40:53 -0400."
From: "Mark D. Baushke" <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <60685.1594677485.1@eng-mail01.juniper.net>
Date: Mon, 13 Jul 2020 14:58:05 -0700
Message-ID: <60686.1594677485@eng-mail01.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.13; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:P-EXFEND-EQX-02.jnpr.net; PTR:InfoDomainNonexistent; CAT:NONE; SFTY:; SFS:(4636009)(346002)(376002)(396003)(39860400002)(136003)(46966005)(5660300002)(8676002)(8936002)(4744005)(110136005)(70586007)(70206006)(316002)(86362001)(47076004)(478600001)(26005)(82740400003)(336012)(82310400002)(2906002)(83380400001)(7696005)(81166007)(356005)(426003)(186003); DIR:OUT; SFP:1102;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: eeb02c3e-6130-481b-fa00-08d82777d3c8
X-MS-TrafficTypeDiagnostic: MWHPR05MB3006:
X-Microsoft-Antispam-PRVS: <MWHPR05MB300629FCFDC917B1BF873606BF600@MWHPR05MB3006.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: KhQanBLUA02SERQ1oPy3nGxd6TXTyzd8nxYTyIaITiqR4g2ktyzU1r0JFRnsVsE5Po1+WmaUSkAcRBxpNjXu3iCZsz1211bVWuP/CaFA4kswNY5c8qcW+FcmA8S3l0LWgpE6/k6em+2HKCLqy2uS9GJ2WZOToRvTcNvAluFvKBvo3czp4PZpoT1ZjzBeS1W2W52RdU7W1n22tslMTSMkI0pvMcz3i8KAtfxwlTjSEybA2XXAA8e6MGrmi4Nr4Ew0zoNceoU+X2pSsZg/Zb+s20lrYh3ihdyo75ANmjGR9Gi0wuzVwz502o86ezPpmW7ytvJj0OTIDh3n8yuCJaygszxzHKIvAD4fQuUBXvYb3W5AeCzusnU+SPtatvWZanusKxNVEDniACJxAYeV45/A9A==
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jul 2020 21:58:07.9650 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: eeb02c3e-6130-481b-fa00-08d82777d3c8
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.13]; Helo=[P-EXFEND-EQX-02.jnpr.net]
X-MS-Exchange-CrossTenant-AuthSource: CO1NAM05FT050.eop-nam05.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR05MB3006
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-13_17:2020-07-13, 2020-07-13 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 clxscore=1015 mlxscore=0 lowpriorityscore=0 malwarescore=0 adultscore=0 priorityscore=1501 spamscore=0 bulkscore=0 impostorscore=0 suspectscore=22 mlxlogscore=999 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2007130157
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/RZVI4zvcVgyCQYXRazzCVrXLLRM>
Subject: Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 21:58:18 -0000

[CC- Mouse <mouse@Rodents-Montreal.ORG>] Moue's mail bounces my direct
email.

Mouse <mouse@Rodents-Montreal.ORG> writes:

> > Someone could also generate a new set of safe primes based on some
> > other transcendental number (square root of "2" or some other
> > number).
> 
> The square root of 2 is not transcendental; it's irrational, yes, but
> it's algebraeic.

True enough, somehow the "2 raised to the power of" phrase got
accidentally deleted from my post. In otherwords, I meant the
Gelfond-Schneider constant or Hilbert number.

> > My question is if we should literally require all SSH implementations
> > to have a Mandatory To Implement (MTI) DH parameter set now which may
> > need to be deprecated in a 'short' (for some value of the word short)
> > period of time.
> 
> The only reason I see to have any MUSTs (rather than SHOULDs) is
> interoperability.

Yes.

	Be safe, stay healthy,
	-- Mark