[Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2

"Mark D. Baushke" <mdb@juniper.net> Mon, 12 September 2016 04:09 UTC

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
To: Curdle <curdle@ietf.org>
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sun, 11 Sep 2016 21:09:12 -0700
Message-ID: <41049.1473653352@eng-mail01.juniper.net>
Sender: mdb@juniper.net
MIME-Version: 1.0
Content-Type: text/plain
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Sep 2016 04:09:15.4100 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN2PR0501MB991
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/RvBmXNbmm77o8RKIMzeRz7tsnjM>
Cc: IETF SSH <ietf-ssh@NetBSD.org>
Subject: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2016 04:09:19 -0000

I have split out a new draft draft-ietf-curdle-ssh-modp-dh-sha2 [1]
(called "new-modp" in the Reference table below) forked from the
draft-ietf-curdle-ssh-kex-sha2-04 draft. It specifies the new MOD DH KEX
Groups that use SHA-2 hashes. This edition specifies both the new
diffie-hellman-group* names of the -04 revision as well as adding the
gss-group* names.

Before I update draft-ietf-curdle-ssh-kex-sha2-05 to point to it, I
would like to take a straw poll of which algorithms (if any) should be
defined as a MUST to implement. My personal preference was just
curve25519-sha256. However, at least a few implementors have said that
they were not planning to do any ECDH implementations. So, I am guessing
that "diffie-hellman-group14-sha256" may be the only one that everyone
might be able to agree is a MUST to implement.

Key Exchange Method Name              Reference     Note
curve25519-sha256                     ssh-curves    MUST
curve448-sha512                       ssh-curves    MAY
diffie-hellman-group-exchange-sha1    RFC4419       SHOULD NOT
diffie-hellman-group-exchange-sha256  RFC4419       MAY
diffie-hellman-group1-sha1            RFC4253       SHOULD NOT
diffie-hellman-group14-sha1           RFC4253       SHOULD
diffie-hellman-group14-sha256         new-modp      MUST
diffie-hellman-group15-sha512         new-modp      MAY
diffie-hellman-group16-sha512         new-modp      SHOULD
diffie-hellman-group17-sha512         new-modp      MAY
diffie-hellman-group18-sha512         new-modp      MAY
ecdh-sha2-nistp256                    RFC5656       SHOULD
ecdh-sha2-nistp384                    RFC5656       SHOULD
ecdh-sha2-nistp521                    RFC5656       SHOULD
ecdh-sha2-*                           RFC5656       MAY
ecmqv-sha2                            RFC5656       MAY
gss-gex-sha1-*                        RFC4462       SHOULD NOT
gss-group1-sha1-*                     RFC4462       SHOULD NOT
gss-group14-sha1-*                    RFC4462       SHOULD
gss-group14-sha256-*                  new-modp      SHOULD
gss-group15-sha512-*                  new-modp      MAY
gss-group16-sha512-*                  new-modp      SHOULD
gss-group17-sha512-*                  new-modp      MAY
gss-group18-sha512-*                  new-modp      MAY
gss-*                                 RFC4462       MAY
rsa1024-sha1                          RFC4432       SHOULD NOT
rsa2048-sha256                        RFC4432       MAY

I plan to post the above table in the new
draft-ietf-curdle-ssh-kex-sha2-05 draft
after 05:00 UTC on 12 September 2016.

Of course, everyone can still lobby for changes with the Curdle group, I
just don't want to generate a huge number of revisions if possible.

	Thank you,
	-- Mark

URL: [1] https://tools.ietf.org/html/draft-ietf-curdle-ssh-modp-dh-sha2-00

[Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & dra… Mark D. Baushke
[Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & dra… Tero Kivinen
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… denis bider (Bitvise)
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Tero Kivinen
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Damien Miller
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Damien Miller
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… denis bider (Bitvise)