Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?

"Mark D. Baushke" <mdb@juniper.net> Mon, 13 July 2020 20:54 UTC

To: IETF curdle <curdle@ietf.org>, IETF ssh <ietf-ssh@netbsd.org>
CC: Mouse <mouse@Rodents-Montreal.ORG>
In-Reply-To: <202007131952.PAA23582@Stone.Rodents-Montreal.ORG>
References: <CADPMZDB8oXAg0g0oJvZmkK1XPhb28SQPnxwRmL9umzFXkH0ogQ@mail.gmail.com> <2306.1594546601@eng-mail01.juniper.net> <CAOp4FwQMcNHRd65U1A+zfT1Xyrqv7+kHU_Lh1tqMGsBQB2LrVA@mail.gmail.com> <53536.1594666321@eng-mail01.juniper.net> <202007131952.PAA23582@Stone.Rodents-Montreal.ORG>
Comments: In-reply-to: Mouse <mouse@Rodents-Montreal.ORG> message dated "Mon, 13 Jul 2020 15:52:01 -0400."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Mon, 13 Jul 2020 13:53:47 -0700
Message-ID: <57588.1594673627@eng-mail01.juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/e06hJ9CYZamIKcVFK5J-m79TAxk>
Subject: Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?

Hi Mouse,

Mouse <mouse@Rodents-Montreal.ORG> writes:

> >   * diffie-hellman-group14-sha256
> >     [It is not clear to me how much longer 2048-bits will be considered
> >      strong enough.]
> 
> Surely it wouldn't be that big a deal to generate a prime of, say, 4k
> bits, or whatever size gives people suitably warm fuzzies, to replace
> the current group-14 prime?

It is not hard to generate FFC DH parameter sets.

The issue is that many folks are paranoid that someone will create a DH
Backdoor

    How to Backdoor Diffie-Hellman
    https://eprint.iacr.org/2016/644
    See also URL:
    https://github.com/mimoo/Diffie-Hellman_Backdoor

The RFC 4419 code in fact provides for a method to help SSH by giving us
as many different ephemeral parameter sets as a server may wish to
generate.

> I'd be happy to do the crunching for it, and I can't be the only
> person with RNG hardware and enough spare cycles to invest in whatever
> level of primality assurance keeps people happy.

We already have a number of alternatives for larger sizes we could use
taken from RFC 3526 (group15, group16, group17, group18) which are based
on the ratio of a circle's circumference to its diameter ("pi").

I suppose we could also adopt RFC 7919, which is based on the natural logarithm ("e").

Someone could also generate a new set of safe primes based on some other
transcendental number (square root of "2" or some other number).

My question is whether we should literally require all SSH implementations to
have a Mandatory To Implement (MTI) DH parameter set now which may need
to be deprecated in a 'short' (for some value of the word short) period
of time.

Personally, I like FFC DH. I would not mind seeing

  diffie-hellman-group16-sha512 (a 4096-bit prime)

as an MTI for SSH.

However, denis bider <denisbider.ietf@gmail.com> wrote:

> I do not agree with this one:
>
> > diffie-hellman-group16-sha512   MUST
> 
> I find this too computationally expensive to justify "MUST" for
> servers. Last time I checked, this costs about 100 ms in server CPU
> time, more on weaker CPUs, and makes it trivial to DoS a
> resource-constrained server - no DDoS needed.

	Be safe, stay healthy,
	-- Mark
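The message above raises two concrete points a reviewer can check rather than take on trust: that the RFC 3526 groups (group14, group16, and so on, which are the same moduli behind the SSH `diffie-hellman-group14-sha256` and `diffie-hellman-group16-sha512` names) are derived from the digits of pi, and that a modulus nobody can reproduce is exactly what the "How to Backdoor Diffie-Hellman" concern is about. The following Python is an added example written for this note; it is not part of Mark's message, the curdle thread, or any SSH implementation. It rebuilds the group14 and group16 moduli from the RFC 3526 formula `p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + k)` (the per-group `n` and `k` constants are taken from RFC 3526), confirms the nothing-up-my-sleeve layout (64 leading and trailing one bits around the pi digits), and runs Miller-Rabin on both `p` and `(p-1)/2` to confirm each is a safe prime. Function names such as `modp_prime`, `is_safe_prime` and `nothing_up_my_sleeve_check` are the example's own.

```python
# Added example (not from the curdle thread): re-derive the RFC 3526 MODP
# primes from pi and check that each one is a safe prime.

# (n, k) per RFC 3526: p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + k)
RFC3526_GROUPS = {
    14: (2048, 124476),
    15: (3072, 1690314),
    16: (4096, 240904),
    17: (6144, 929484),
    18: (8192, 4743158),
}

# Used both as trial divisors and as the fixed Miller-Rabin bases.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def pi_floor_scaled(bits: int) -> int:
    """Return floor(pi * 2**bits), computed in exact integer arithmetic.

    Machin's formula pi = 16*atan(1/5) - 4*atan(1/239) is summed in fixed
    point with 64 guard bits, so the series truncation error (well under
    2**14 units) cannot disturb the floor at the 2**bits scale.
    """
    guard = 64
    scale = 1 << (bits + guard)

    def atan_inverse(x: int) -> int:
        # atan(1/x) * scale via the alternating series sum (-1)^i / ((2i+1) x^(2i+1))
        total, term, n, sign = 0, scale // x, 1, 1
        x2 = x * x
        while term:
            total += sign * (term // n)
            term //= x2
            n += 2
            sign = -sign
        return total

    return (16 * atan_inverse(5) - 4 * atan_inverse(239)) >> guard


def modp_prime(group: int) -> int:
    """Rebuild the RFC 3526 modulus for the given group number from pi."""
    n, k = RFC3526_GROUPS[group]
    return (1 << n) - (1 << (n - 64)) - 1 + (1 << 64) * (pi_floor_scaled(n - 130) + k)


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Trial division by SMALL_PRIMES, then Miller-Rabin with fixed small bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES[:rounds]:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # base a witnesses that n is composite
    return True


def is_safe_prime(p: int, rounds: int = 8) -> bool:
    """A safe prime p also has (p-1)/2 prime; RFC 3526 states this for every group."""
    return is_probable_prime(p, rounds) and is_probable_prime((p - 1) // 2, rounds)


def nothing_up_my_sleeve_check(group: int, rounds: int = 8) -> dict:
    """Report the structural properties a reviewer would look at for an FFC group."""
    p = modp_prime(group)
    h = format(p, "X")
    return {
        "bits": p.bit_length(),
        "top64_all_ones": h.startswith("F" * 16),
        "low64_all_ones": h.endswith("F" * 16),
        # 4*pi = 0xC.90FDAA22168C234..., so these digits must follow the leading ones
        "pi_digits_follow": h[16:].startswith("C90FDAA22168C234"),
        "safe_prime": is_safe_prime(p, rounds),
    }


if __name__ == "__main__":
    for g in (14, 16):
        print(f"group{g}:", nothing_up_my_sleeve_check(g, rounds=2 if g == 16 else 8))
```

A passing check shows the modulus is reproducible from pi and the published offset, which is what removes the room for the hidden structure the backdoor paper relies on; it says nothing about whether 2048 bits remains large enough, which is the separate question the message raises. The safe-prime property is what makes the group immune to small-subgroup confinement, since the only subgroups are of order 1, 2, q and 2q. Eight fixed-base Miller-Rabin rounds are plenty for confirming a published constant (the 4096-bit run takes a second or two in CPython); a library generating fresh RFC 4419-style parameters would use its own certified test with random bases.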