[Curdle] [Errata Verified] RFC9142 (7799)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 08 February 2024 21:44 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D056C209B6C; Thu, 8 Feb 2024 13:44:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.658
X-Spam-Level:
X-Spam-Status: No, score=-1.658 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id okb9J_otLP2I; Thu, 8 Feb 2024 13:44:27 -0800 (PST)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C5C6C1CAF93; Thu, 8 Feb 2024 13:44:27 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 2F45E1A3A476; Thu, 8 Feb 2024 13:44:27 -0800 (PST)
To: ben.s3@ncsc.gov.uk, mbaushke.ietf@gmail.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: paul.wouters@aiven.io, iesg@ietf.org, curdle@ietf.org, iana@iana.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20240208214427.2F45E1A3A476@rfcpa.amsl.com>
Date: Thu, 08 Feb 2024 13:44:27 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/cRJ-IitW577MrkLDEQVcyqBnnMw>
Subject: [Curdle] [Errata Verified] RFC9142 (7799)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2024 21:44:31 -0000
The following errata report has been verified for RFC9142, "Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7799 -------------------------------------- Status: Verified Type: Technical Reported by: Ben S <ben.s3@ncsc.gov.uk> Date Reported: 2024-02-07 Verified by: Paul Wouters (IESG) Section: 1.2.1 Original Text ------------- +============+=============================+ | Curve Name | Estimated Security Strength | +============+=============================+ | nistp256 | 128 bits | +------------+-----------------------------+ | nistp384 | 192 bits | +------------+-----------------------------+ | nistp521 | 512 bits | +------------+-----------------------------+ | curve25519 | 128 bits | +------------+-----------------------------+ | curve448 | 224 bits | +------------+-----------------------------+ Corrected Text -------------- +============+=============================+ | Curve Name | Estimated Security Strength | +============+=============================+ | nistp256 | 128 bits | +------------+-----------------------------+ | nistp384 | 192 bits | +------------+-----------------------------+ | nistp521 | 256 bits | +------------+-----------------------------+ | curve25519 | 128 bits | +------------+-----------------------------+ | curve448 | 224 bits | +------------+-----------------------------+ Notes ----- P-521 has approximately 256 bits of security (rather than 512), as per Table 1 of Section 6.1.1 of FIPS 186-5, and Section 9 Paragraph 5 of RFC 5656. -------------------------------------- RFC9142 (draft-ietf-curdle-ssh-kex-sha2-20) -------------------------------------- Title : Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) Publication Date : January 2022 Author(s) : M. Baushke Category : PROPOSED STANDARD Source : CURves, Deprecating and a Little more Encryption Area : Security Stream : IETF
- [Curdle] [Errata Verified] RFC9142 (7799) RFC Errata System