[Curdle] John Scudder's No Objection on draft-ietf-curdle-ssh-kex-sha2-19: (with COMMENT)
John Scudder via Datatracker <noreply@ietf.org> Thu, 15 July 2021 00:12 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: curdle@ietf.org
Delivered-To: curdle@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2597C3A0FDD; Wed, 14 Jul 2021 17:12:09 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: John Scudder via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-curdle-ssh-kex-sha2@ietf.org, curdle-chairs@ietf.org, curdle@ietf.org, mglt.ietf@gmail.com, mglt.ietf@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.34.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: John Scudder <jgs@juniper.net>
Message-ID: <162630792906.25938.15234845078114449387@ietfa.amsl.com>
Date: Wed, 14 Jul 2021 17:12:09 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/f2Q9MGFDtjXdEhIfQKy-WsYk7Ns>
Subject: [Curdle] John Scudder's No Objection on draft-ietf-curdle-ssh-kex-sha2-19: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jul 2021 00:12:09 -0000
John Scudder has entered the following ballot position for draft-ietf-curdle-ssh-kex-sha2-19: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Hi, Mark! Below are a few suggestions and comments. 1. Section 1.2 It is desirable for the security strength of the key exchange be chosen to be comparable with the security strength of the other elements of the SSH handshake. Attackers can target the weakest element of the SSH handshake. I think you mean “It is desirable that”, right? 2. Section 3 This RFC also collects key exchange method names in various existing RFCs [RFC4253], [RFC4419], [RFC4432], [RFC4462], [RFC5656], [RFC8268], [RFC8731], [RFC8732], and [RFC8308], and provides a suggested suitability for implementation of MUST, SHOULD, MAY, SHOULD NOT, and MUST NOT. Any method not explicitly listed MAY be implemented. It’s a little surprising that there’s no general guidance in the last sentence about minimal properties a method should have to qualify for MAY, vs. SHOULD NOT or MUST NOT. 3. Section 3.2.2 Given that diffie- hellman-group14-sha1 is being removed from MTI status Please expand MTI on first use. (You do expand it, but later in the document.)
- [Curdle] John Scudder's No Objection on draft-iet… John Scudder via Datatracker