Re: [Curdle] Looking for comments on draft-ietf-curdle-ssh-kex-sha2

Ron Frederick <ronf@timeheart.net> Thu, 20 August 2020 02:42 UTC

From: Ron Frederick <ronf@timeheart.net>
Message-Id: <53472EFD-8578-45CA-9C77-561BF3639952@timeheart.net>
Date: Wed, 19 Aug 2020 19:42:03 -0700
In-Reply-To: <91994.1597732653@eng-mail01.juniper.net>
Cc: curdle@ietf.org
To: "Mark D. Baushke" <mdb@juniper.net>
References: <25423.1596646626@eng-mail01.juniper.net> <D290968F-2733-40CB-918A-452AD74951B6@timeheart.net> <80066.1597703675@eng-mail01.juniper.net> <346A7E8A-0060-471E-A547-055CAB147FC5@timeheart.net> <91994.1597732653@eng-mail01.juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/i2Ab7HYio4_XkdElf6FHJ3FtE8c>
Subject: Re: [Curdle] Looking for comments on draft-ietf-curdle-ssh-kex-sha2

On Aug 17, 2020, at 11:37 PM, Mark D. Baushke <mdb@juniper.net> wrote:
> Ron wrote:
>> I’m no expert when it comes to key strength, but I would expect a
>> 2048-bit RSA key to last at least as long as 3DES, since both are
>> considered to have 112 bits of security.
> 
> MDB: Note this is in NIST SP 800-131Ar2
> 
> URL: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
> Table 1.
> 
>    Three-key TDEA Encryption Deprecated through 2023
>                              Disallowed after 2023

[Ron] Thanks for the pointer. I was familiar with an earlier version of that doc, but didn’t know there was a 2019 update. The deprecation of TDEA seems to be a special case, though, and not something which it is applying to all algorithms with 112 bits of security. For the others, it still seems to be sticking by the previous recommendation that 112 bits will be ok until 2030. For DH in particular, we don’t need to worry about the lifetime of the “protected data”, as the session keys negotiated by the SSH key exchange typically don’t last very long. The main issue for DH seems to be whether it complies with SP 800-56A or not (https://doi.org/10.6028/NIST.SP.800-56Ar3), and I think we’re ok on that here, at least for the predefined safe primes.


> I found the article. It was in Advances in Cryptology - ASIACRYPT 2017.
> 
> Quantum Resource Estimates for Computing Elliptic Curve Discrete Logarithms
> by Martin Roetteler, Michael Naehrig, Krysta M. Svore, and Kristin Lauter
> November 2017, 24 Pages
> 
> URL: 
> 
> https://www.microsoft.com/en-us/research/wp-content/uploads/2017/09/1706.06752.pdf

[Ron] Thanks - I’ll check it out!
-- 
Ron Frederick
ronf@timeheart.net
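As an added illustration of the safe-prime point in Ron's reply above (example code, not part of this thread or of any SSH implementation): the check that a fixed SSH DH modulus is actually a safe prime, together with the finite-field strength estimate from SP 800-57 Part 1 Table 2 that puts a 2048-bit modulus at 112 bits. The modulus used is the RFC 3526 group 14 prime behind diffie-hellman-group14-*; the Miller-Rabin routine and the strength table are this example's own transcription, not NIST's or the draft's code.

```python
# Added example: verify a fixed SSH DH group is a safe prime and estimate its
# NIST security strength (SP 800-57 Part 1, Table 2, FFC column; assumed transcription).
import secrets

def is_probable_prime(n, rounds=12):
    """Miller-Rabin with random bases; enough rounds for auditing a fixed, published group."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:          # write n-1 = d * 2^r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)   # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness of compositeness
    return True

def is_safe_prime(p):
    """p is a safe prime when p and q = (p-1)/2 are both prime, so the group order is 2q."""
    return p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def ffc_security_bits(modulus_bits):
    """Strength credited to an FFC modulus of this size (SP 800-57 Part 1, Table 2)."""
    for size, bits in ((15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)):
        if modulus_bits >= size:
            return bits
    return 0                   # below the smallest tabulated size: no credit

# RFC 3526 group 14 modulus (diffie-hellman-group14-*), copied from the RFC.
GROUP14_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)

def assess_group(p):
    """Return (modulus bits, safe prime?, estimated strength) for a fixed DH group."""
    return (p.bit_length(), is_safe_prime(p), ffc_security_bits(p.bit_length()))
```

`assess_group(GROUP14_P)` returns `(2048, True, 112)`; the same routine applied to a 1024-bit group reports only 80 bits, which is the SP 800-131A reason for retiring group 1.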