IETF Logo Mail Archive

Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)

Ben Campbell <ben@nostrum.com> Fri, 15 September 2017 15:06 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 250DB1333DD; Fri, 15 Sep 2017 08:06:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k4FFKR5FD3Z4; Fri, 15 Sep 2017 08:06:41 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13B7E1333AC; Fri, 15 Sep 2017 08:06:41 -0700 (PDT)
Received: from [10.0.1.82] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v8FF6aoQ026565 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 15 Sep 2017 10:06:37 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.82]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <EBEA003F-0418-45A5-8FBD-077632C693E1@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_61D17367-FDFB-42A5-9733-FC718891CD84"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Fri, 15 Sep 2017 10:06:36 -0500
In-Reply-To: <CAKKJt-etZb1nnXuhxsDZVu2oRUaqUxyD3-xG_0gVVOaQZdZqbQ@mail.gmail.com>
Cc: Loganaden Velvindron <logan@hackers.mu>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-dh-group-exchange <draft-ietf-curdle-ssh-dh-group-exchange@ietf.org>, curdle <curdle-chairs@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, The IESG <iesg@ietf.org>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
References: <150532612778.30489.12003202456500621755.idtracker@ietfa.amsl.com> <CAFDEUTdXRo4MG2=RR+gB0yYpnr1o229qpp+aOaMaDPc6qmnogg@mail.gmail.com> <CAKKJt-etZb1nnXuhxsDZVu2oRUaqUxyD3-xG_0gVVOaQZdZqbQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/UlayalTvxi7WsD-RVPDBqEDs4XA>
Subject: Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Sep 2017 15:06:43 -0000

> On Sep 15, 2017, at 9:04 AM, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> wrote:
> 
> So, Kathleen's ballot thread, but since she and I share this curiosity …

Same here :-)

> >
> > I do agree with Spencer, the text that is non-normative reads as if this is
> > fully deprecating any recommendation below 2048, but then the normative text
> > just says SHOULD.  Is there a reason this is not MUST?  I know deprecating
> > things takes a long time.
> 
> Yes, it takes a long time, and also because of backward compatibility.
> We felt that "SHOULD" was sufficient at the time.
> 
> That doesn't surprise me (speaking only for myself).
> 
> It might be helpful to add a sentence explaining that the SHOULD is for backward compatibility.
> 
> That changes the incentives a bit - implementers have more incentive to implement a SHOULD if it's not a MUST *yet*, but when the community stops worrying about backward compatibility, it could be, and then other implementations won't interop with yours.
> 
> And, for extra credit, that could happen suddenly, if someone posts a clever attack on 1024-bit keys that requires minimal computing resources and includes an implementation that anyone can pick up ... so everyone else stops accepting shorter keys, like, today.
> 
> But do the right thing, of course.

I agree with Spencer’s comments, especially the one about adding text to explain the SHOULDs.

I also understand the need for a transition period. However, unconstrained SHOULDs leave things open ended. Was that the intent of the working group? Is there an expectation that these might be revised to MUSTs sometime in the future?

IIRC, Benoit mentioned the idea of logging or surfacing a warning if you receive less than 2048 bits. That seems like a good idea.

Thanks!

Ben.

v2.23.0 | Report a Bug | By Email