Re: [Curdle] Which curves are MUST and SHOULD ?
"Mark D. Baushke" <mdb@juniper.net> Mon, 04 January 2021 20:21 UTC
To: Hubert Kario <hkario@redhat.com>
CC: curdle@ietf.org
Date: Mon, 04 Jan 2021 12:21:50 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/XlEze7Fu4DEy32aCeFCZTw6Q1Do>
Hubert Kario <hkario@redhat.com> writes:

> On Thursday, 17 December 2020 20:35:24 CET, Mark D. Baushke wrote:
> > Ron Frederick <ronf@timeheart.net> writes:
> >
> >> On Dec 15, 2020, at 8:09 AM, Salz, Rich <rsalz@akamai.com> wrote:
> >>>> I’m not comfortable with algorithms going from REQUIRED to
> >>>> SHOULD NOT without some kind of transitional period. My
> >>>> suggestion would be to ease into this with SHOULD NOT for
> >>>> now. If you want to discuss BCP in this draft, perhaps that
> >>>> can be a separate section.
> >>>
> >>> We've done it before, MD5, short RSA/DH keys, etc.
> >>>
> >>> We shouldn't pretend that crypto-breaking advances haven't happened.
> >>>
> >>> Admins can make trade-offs anyway.
> >
> > I am under the impression that the audience here is the maintainers of
> > SSHv2 software rather than the administrators that manage the sites
> > using it.
>
> it's both

Fair enough. Two kinds of stakeholders: a) "implementors" and b) "users"
should mean more responses for the question.

Okay.

In the original RFC4253 specification both diffie-hellman-group1-sha1
and diffie-hellman-group14-sha1 were REQUIRED key exchanges.

The group1 parameters in RFC4253 point to the 1024-bit MODP Second
Oakley Group given in RFC2409 section 6.2 and RFC2412 section E.2.

There are two issues with diffie-hellman-group1-sha1:

  1) recent estimates are that it has roughly 80 bits of security
     strength, and
  2) it uses SHA1 for hashing which is considered weak.

If we choose "MUST NOT" for this key exchange, then we are going from
"MUST" to "MUST NOT" which could be a hardship for low-end devices
unable to run calculations to generate a shared secret using a larger
MODP group if support is completely removed.

If we choose "SHOULD NOT", then it is hoped that most implementors
would default to not configuring this option by default, but may
provide it for environments that need it.

If we choose "MAY", then it is not certain if implementors or users
will do much of anything different and this potentially insecure key
exchange may continue to be used even when it may be a hazard to those
that desire a more secure by default system.

Are you an SSH implementor or user or both?

   Implementor
   User
   Both

I would like to get a straw vote for the six *sha1* related key
exchanges. I am proposing that the rsa1024-sha1-* kex be a MUST NOT
and that all of the others be a SHOULD NOT.

1. For diffie-hellman-group1-sha1 what is your vote?

   MUST -- current for RFC4253
   SHOULD
   MAY
   SHOULD NOT -- proposed in the -13 draft
   MUST NOT

2. For diffie-hellman-group14-sha1 what is your vote?

   MUST -- current for RFC4253
   SHOULD
   MAY -- proposed in the -13 draft
   SHOULD NOT
   MUST NOT

3. For diffie-hellman-group-exchange-sha1 what is your vote?

   MUST
   SHOULD
   MAY -- current for RFC4419
   SHOULD NOT -- proposed in the -13 draft
   MUST NOT

4. For rsa1024-sha1 what is your vote?

   MUST
   SHOULD
   MAY -- current for RFC4432
   SHOULD NOT
   MUST NOT -- proposed in the -13 draft

5. For gss-gex-sha1-* what is your vote?

   MUST
   SHOULD -- current for RFC4462
   MAY
   SHOULD NOT -- proposed in the -13 draft
   MUST NOT

6. For gss-group1-sha1-* what is your vote?

   MUST
   SHOULD -- current for RFC4462
   MAY
   SHOULD NOT -- proposed in the -13 draft
   MUST NOT

You may direct your votes to the list or to the chairs and me.

Be safe, stay healthy,

-- Mark
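As an added example (not part of the original message, and not code from any SSH implementation), the Python below reads the kex_algorithms name-list from an SSH_MSG_KEXINIT payload as laid out in RFC 4253 section 7.1 and reports which offered methods the straw poll covers, with the level marked "proposed in the -13 draft". It takes the packet payload after the binary-packet length and padding have been stripped; the function names, the sample payload and the `EXAMPLE` GSS suffix are constructed for illustration.

```python
import struct
from fnmatch import fnmatchcase

SSH_MSG_KEXINIT = 20

# Levels marked "proposed in the -13 draft" in the straw poll above.
PROPOSED = {
    "diffie-hellman-group1-sha1": "SHOULD NOT",
    "diffie-hellman-group14-sha1": "MAY",
    "diffie-hellman-group-exchange-sha1": "SHOULD NOT",
    "rsa1024-sha1": "MUST NOT",
    "gss-gex-sha1-*": "SHOULD NOT",
    "gss-group1-sha1-*": "SHOULD NOT",
}

def kex_algorithms(payload):
    """Return the kex_algorithms name-list from an SSH_MSG_KEXINIT payload."""
    # RFC 4253 section 7.1: message byte, 16-byte cookie, then the name-lists.
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []

def proposed_level(name):
    """Level proposed for a kex method name, or None if the poll does not cover it."""
    for pattern, level in PROPOSED.items():
        if fnmatchcase(name, pattern):
            return level
    return None

def audit(payload):
    """(name, level) for each offered kex method the poll covers, in offer order."""
    offered = ((n, proposed_level(n)) for n in kex_algorithms(payload))
    return [(n, lvl) for n, lvl in offered if lvl is not None]

def sample_kexinit(kex_names):
    """Constructed test input: zero cookie, the other nine name-lists empty."""
    kex = ",".join(kex_names).encode("ascii")
    lists = struct.pack(">I", len(kex)) + kex + struct.pack(">I", 0) * 9
    # Trailer: first_kex_packet_follows = FALSE, then the reserved uint32.
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + lists + b"\x00" + bytes(4)

SAMPLE = sample_kexinit(["curve25519-sha256", "diffie-hellman-group14-sha1",
                         "diffie-hellman-group1-sha1", "gss-group1-sha1-EXAMPLE"])

if __name__ == "__main__":
    for name, level in audit(SAMPLE):
        print(f"{level:10} {name}")
```
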