[Curdle] Looking for comments on draft-ietf-curdle-ssh-kex-sha2
"Mark D. Baushke" <mdb@juniper.net> Wed, 05 August 2020 16:57 UTC
Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 4FD863A0DBD
for <curdle@ietfa.amsl.com>; Wed, 5 Aug 2020 09:57:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=juniper.net header.b=JqC1rioz;
dkim=pass (1024-bit key)
header.d=juniper.net header.b=h2K36yGL
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id qhXCosIuEmW8 for <curdle@ietfa.amsl.com>;
Wed, 5 Aug 2020 09:57:14 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com
[208.84.65.16])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 078CA3A0DA6
for <curdle@ietf.org>; Wed, 5 Aug 2020 09:57:13 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1])
by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
075GmuxW005708 for <curdle@ietf.org>; Wed, 5 Aug 2020 09:57:13 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net;
h=to : from : subject
: mime-version : content-type : content-id : content-transfer-encoding :
date : message-id; s=PPS1017;
bh=x2/emAUT5y4MqXKRcM8H9txev45riUlby1uPaWLCXqM=;
b=JqC1riozBprhZkqntiV3/QL1NikCYV4peeuadUfBRcmgYYJlQed3inGZGA/SI4hbtAil
sgUk4b8vOlyCga78yYjXLqzFlsg4fiCgrbrqSMcT6YPf4DYy38qPhX8JCGAGFZlbPYIJ
2wmFOT/UZYru7Qm5b8GA1D+m4lRVqd8rP3qcjT7+3Dl4UCaVU0K8CaEhRFO5nIrMYTPV
/t/ICBT7yo9KNKTge1msIuJb/0juBOH1k0HARWap4L+jnfIYlx4P61YYGxkTcFG6De4g
zGxWvNNuI8DMFZ9j3yWiPAf5OA62I6Jw6lfhAvpzWMYp29tmCyeE8si5JD3ueha0vzoU 3w==
Received: from nam11-dm6-obe.outbound.protection.outlook.com
(mail-dm6nam11lp2175.outbound.protection.outlook.com [104.47.57.175])
by mx0a-00273201.pphosted.com with ESMTP id 32n6cpxu1h-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <curdle@ietf.org>; Wed, 05 Aug 2020 09:57:13 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=H9mkKf2GctD9FsaVx+S8n4U35heqQEkRkES1KO7QNJcrhqchJxCKTeosOOqiSJsBcafqpblRt77Pr7R2HTdGGjcKPmT5TTw3zK7iIf0/kjhCLho5fxsCxc5vLdRE/LyydwkcxqfiVqCUCW/PiCw8mAt5it9GzeOKwUm6ujPZhnUj8WzSJrmUfVsSi5/yfgTLHq8cWBHhBqL+VybAiDoEqWBLkSZGjK8GVM+EuwwgUMcdL1C7n5clw0ZhdNtu9DV1pbQfTPJvZaoEv3Shiw4vLrZmxvKWfcJR/9mLhC1fzBpbAY7g5yGgZx6lxMehnO6S6iRn3IwTg0zpCWrZX4MSEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=x2/emAUT5y4MqXKRcM8H9txev45riUlby1uPaWLCXqM=;
b=JwwYhNwnUSBbF9uePD8EThNzLMsaMIn2xqk7gurJIDl5/PoU80wLcUnK2Qwboh1K9paNySzz87S3UVgQaidOdyiDZQCHbRyLzUBLw5K/Gg+wWoTsUWu+vfKcyh4RiMtzeesVnabQpOOq2z/WCCRIEp37pYRbnMsokLCmsOvU30ayVAH1v8gOeLTd0DNVCFbirHF/jSfJsqN5PAqzGrfbAW2xhTmDp/VMVpp7qKekFiZGP0DSBrACIMGVH75IwRNtmAUzlDQOnxku1BZjMM3zmKgZsL/E3dAYoW+ijbl2dkRLuHThftrXDS4TAPqK9RujK1DLF0SQiYWw8bjPMV5Ogg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
is 66.129.242.13) smtp.rcpttodomain=ietf.org smtp.mailfrom=juniper.net;
dmarc=fail (p=reject sp=reject pct=100) action=oreject
header.from=juniper.net; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=x2/emAUT5y4MqXKRcM8H9txev45riUlby1uPaWLCXqM=;
b=h2K36yGLytAqrq/vNf2vT0/9HrIroBpZzIwp3zv0zikWb6UpxGTcegAiRa3xf8xGdr/e5rYnUPAHxgkYK2cfo/JseRV8VPtm7uq7etXymWHD4BuXGpV83mLS+JqXCgJ8GMNq7nD9MfElJus2qCUrba4fg/3bNiLkF9DA3K36rMU=
Received: from DM5PR21CA0025.namprd21.prod.outlook.com (2603:10b6:3:ed::11) by
BL0PR05MB5267.namprd05.prod.outlook.com (2603:10b6:208:87::31) with
Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.3261.13; Wed, 5 Aug 2020 16:57:10 +0000
Received: from DM3NAM05FT048.eop-nam05.prod.protection.outlook.com
(2603:10b6:3:ed:cafe::53) by DM5PR21CA0025.outlook.office365.com
(2603:10b6:3:ed::11) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.2 via Frontend
Transport; Wed, 5 Aug 2020 16:57:10 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is
66.129.242.13) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not
signed) header.d=none;ietf.org; dmarc=fail action=oreject
header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
juniper.net discourages use of 66.129.242.13 as permitted sender)
Received: from P-EXFEND-EQX-02.jnpr.net (66.129.242.13) by
DM3NAM05FT048.mail.protection.outlook.com (10.152.98.162) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
15.20.3261.9 via Frontend Transport; Wed, 5 Aug 2020 16:57:09 +0000
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by
P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id
15.0.1497.2; Wed, 5 Aug 2020 09:57:07 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by
P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id
15.0.1497.2 via Frontend Transport; Wed, 5 Aug 2020 09:57:07 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [10.160.0.88])
by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 075Gv6RM026463;
Wed, 5 Aug 2020 09:57:06 -0700 (envelope-from mdb@juniper.net)
To: <curdle@ietf.org>
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Work)
X-Mailer: MH-E 8.6+git; nmh 1.6; GNU Emacs 26.3
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF?
8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB
k|'a*EjN.B&L+[J!PhJ*aX0n:5/
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <25422.1596646626.1@eng-mail01.juniper.net>
Content-Transfer-Encoding: quoted-printable
Date: Wed, 5 Aug 2020 09:57:06 -0700
Message-ID: <25423.1596646626@eng-mail01.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5bc6564d-09fd-4b3b-5c2c-08d8396097cc
X-MS-TrafficTypeDiagnostic: BL0PR05MB5267:
X-Microsoft-Antispam-PRVS: <BL0PR05MB5267AAE91F03F5B29560FA5DBF4B0@BL0PR05MB5267.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: xT7nb9DBBOt6PbaDowri8Qeq4Kf+UntPkQuQSUGWbDGdlT9g9Dhq9otMhnFhQA2ezhyEuhVmsFmP195en8fH6FHANQ+ZJc12nRN/eLOd6tzOeg7LavNJnN+zPhPNXOebMXp7pkt8u7tSNVZeDPLHaJ8Hvz7Ob+J/qLwT4q2RWk5S7ug7L5D5cCIUVYC+zRgPI1Efx5mce5aJ33rEhGzCMTO//p8eUA6ksc75Jkz4ChQAlsmjzXE2oOjDdA+O2bQmPqBWlJ6mUI47121P+HiOTdll585sIC59Dj2Un40OdK5tfTdo/Gi7+JyJtjMRIl+0hGlLsUBGkTzlOm3lt4IM3Im5kTbn2QQ8SWkrPLblADZ7lW6BTER46WXo12YNFf8/QHM3LvTFQzwcpd3zFHFdM9lHhDaIZdP7J7hopdWOHzR7jrOl1c9xIhBbYditvIbBkCOXDXeJk6gaideKTCD5xVoP8Y2M1G2yOKOqIHetq0U=
X-Forefront-Antispam-Report: CIP:66.129.242.13; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:CAL; SFV:NSPM; H:P-EXFEND-EQX-02.jnpr.net;
PTR:InfoDomainNonexistent; CAT:NONE; SFTY:;
SFS:(4636009)(396003)(136003)(39860400002)(376002)(346002)(46966005)(26005)(70206006)(70586007)(8936002)(186003)(966005)(478600001)(7696005)(316002)(8676002)(2906002)(5660300002)(47076004)(81166007)(336012)(82740400003)(6916009)(86362001)(82310400002)(83380400001)(356005)(426003);
DIR:OUT; SFP:1102;
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Aug 2020 16:57:09.8253 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5bc6564d-09fd-4b3b-5c2c-08d8396097cc
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.242.13];
Helo=[P-EXFEND-EQX-02.jnpr.net]
X-MS-Exchange-CrossTenant-AuthSource: DM3NAM05FT048.eop-nam05.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR05MB5267
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687
definitions=2020-08-05_13:2020-08-03,
2020-08-05 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam
score=0 spamscore=0
priorityscore=1501 mlxlogscore=261 adultscore=0 clxscore=1011
impostorscore=0 malwarescore=0 lowpriorityscore=0 phishscore=0
suspectscore=1 bulkscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx
scancount=1 engine=8.12.0-2006250000 definitions=main-2008050134
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/i0RuHklwDK75kHI9l95Attdun9Q>
Subject: [Curdle] Looking for comments on draft-ietf-curdle-ssh-kex-sha2
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg."
<curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>,
<mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>,
<mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2020 16:57:15 -0000
Hi, Before IETF-108, I uploaded a new edition of Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/ with the hope of a) Providing a survey of existing IANA Secure Shell (SSH) Protocol Parameters for Key Exchange Method Names https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 b) identifying a KEX to replace the current MUST implement exchanges: diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 c) the desire to be deprecate any KEX which use sha1 as the secure hash: diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 gss-group1-sha1-* gss-group14-sha1-* gss-gex-sha1-* rsa1024-sha1 d) A desire that the IANA KEX parameters contain another column in the table to indicate MUST, SHOULD, SHOULD NOT, MUST NOT, and MAY. I have tried to indicate general guidance for the rest of the Method Names, but many of the guidelines may be my personal opinion even though I have tried to be objective throughout. In my private copy, I have converted from v2 of the xmlrfc directives to v3 and that will be part of the next revision. I would very much like to hear any comments about the current draft. Be safe, stay healthy, -- Mark
- Re: [Curdle] Looking for comments on draft-ietf-c… Hubert Kario
- [Curdle] Looking for comments on draft-ietf-curdl… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Ron Frederick
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Ron Frederick
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… denis bider
- Re: [Curdle] Looking for comments on draft-ietf-c… denis bider
- Re: [Curdle] Looking for comments on draft-ietf-c… Ron Frederick
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Hubert Kario
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Tero Kivinen
- Re: [Curdle] Looking for comments on draft-ietf-c… Hubert Kario
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Tero Kivinen
- Re: [Curdle] Looking for comments on draft-ietf-c… Tero Kivinen
- Re: [Curdle] Looking for comments on draft-ietf-c… Hubert Kario
- Re: [Curdle] Looking for comments on draft-ietf-c… Simo Sorce
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke