Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 15 September 2017 20:42 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AE12132944; Fri, 15 Sep 2017 13:42:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rEfgt8CsDnpV; Fri, 15 Sep 2017 13:42:19 -0700 (PDT)
Received: from mail-pg0-x22f.google.com (mail-pg0-x22f.google.com [IPv6:2607:f8b0:400e:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DCD8126E64; Fri, 15 Sep 2017 13:42:19 -0700 (PDT)
Received: by mail-pg0-x22f.google.com with SMTP id i195so2141417pgd.9; Fri, 15 Sep 2017 13:42:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=98YHEnWOi7GU7T0vDelO+OjFtqQKVHYrUiTgjP05XYc=; b=DVBVKNu2/CW0Z29ZMQXib/5aNSyVjuopoiN64zreW8D9HWuXaWYXcbG/IthO0wmpSh I9FY83QgmticiAONz7swwQITOLmWQET8SAHI6k9T8SlhEHauDgb4ZLNtVj1L5iJ+bhqq ahWaMpk2GDaQnW8WTWntgYwV40eW0/bZGExpsQMuYbkdFccVkMWxyr+c9XXdBf0XN0ku o8HwZBIo70AIijFEUJPHIC0VcjZCVzZND0XMr2J6F9wjjSA4hBG0Lv3tSpAkniwPqdT2 r5b87eMWEUD8CYn8XpLaMMLfUzbcF9OApYTbXp5580n4bV1/GARdzIfMJPM6kLToqqCz mPgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=98YHEnWOi7GU7T0vDelO+OjFtqQKVHYrUiTgjP05XYc=; b=hGr6YT8FlQ9rmCF3R6FKIlF7u7RD1BXfqtS4VKjXDJW5eMApx4ybJjL16TCWQcP5ea SO6Hy5FaCpSOQa90Y2eEp5vDJ0p4eoMAPBn4ecw313LcP3b5k/+FaM14pNSFLt+JxDH8 kiNc77A02JrN3wYtXwOAgrj12UCZeLQ2QP5MVWs5CB3M6DjXbfLVh6VmhUQDn2OSQb7v yTvQXv3BR/joaz970MwUS0V2PDEAcwP7fAzTSPmBWThEZKZMagO1v3arEyPvjyTU8Oc+ +CHNKZGjdALkwFCa7BDHEgXin0QVGlpgJTX4tVZ6qAfksVDnJsd722X629cz6RV7/YCn xK5A==
X-Gm-Message-State: AHPjjUhhVv6lj8XgeRfIL6q8TEarH1i4xy6HsC8ntVTEp6ayuDJmcvUO 5TRpk7HUXwkdD76OjDJwdaeBFBUyBvFAXPycMc0=
X-Google-Smtp-Source: AOwi7QD00gLLR4YNHOW6GL6kDS2s1VUiIj8BzMKGFBRROD+jE7rnqdZqrhWmsgA5+V30rEb5t+XrfqD5PflX7kgEfZ8=
X-Received: by 10.98.103.89 with SMTP id b86mr854303pfc.319.1505508138869; Fri, 15 Sep 2017 13:42:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.144.1 with HTTP; Fri, 15 Sep 2017 13:41:38 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Fri, 15 Sep 2017 16:41:38 -0400
Message-ID: <CAHbuEH7O=v2k7UWH-nw-+G80oW7q-pK=F7vxB91BfLRuGsXCJw@mail.gmail.com>
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: "Salz, Rich" <rsalz@akamai.com>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Loganaden Velvindron <logan@hackers.mu>, draft-ietf-curdle-ssh-dh-group-exchange <draft-ietf-curdle-ssh-dh-group-exchange@ietf.org>, curdle <curdle@ietf.org>, curdle <curdle-chairs@ietf.org>, The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/miovg_K-FzrWta-neYCCE86Rz3M>
Subject: Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Sep 2017 20:42:21 -0000
Hi Mark, On Fri, Sep 15, 2017 at 3:59 PM, Mark D. Baushke <mdb@juniper.net> wrote: > Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> writes: > >> Mark, >> >> Thanks for your detailed response, I appreciate it. Inline. > > Trimmed response, likewise inline. > >> On Fri, Sep 15, 2017 at 2:25 PM, Mark D. Baushke <mdb@juniper.net> wrote: >> > Salz, Rich <rsalz@akamai.com> writes: >> > >> Embedded equipment is a tough problem. > > Yes. > >> So for this, your worried about new purchases. > >> If it's already purchased, then we are talking an audit issue and >> possibly not having funds to buy some million dollar piece of >> equipment that happens to support less than 2048. > > Well, one hopes that with a million dollar piece of equipment, there is > a support cotract and a way to update the software in that box. One would think, but that's a real example and nothing could be done. It's not uncommon either. > > I was more concerned with needing to sell software to manage thousands > of very low price embedded devices and still be able to inter-operate > between the management station and the devices. > > For example, a conformant implementation that MUST use 2048 bit keys, > but needs to talk to a device only able to use 1024 bit keys has a > problem. Likewise if the embedded devices only support > diffie-hellman-group1-sha1 as they were two small and slow to manage > with diffie-hellman-group14-sha1 when deployed as a read-only device. > > Does my management station get to talk to those old devices when MUST is > present and exact conformance to the specification is mandated? OK, thanks for providing that example, it's helpful and I see your point better now. > >> Hmm, in the past, I've done thing to mitigate threats like isolating >> such hosts when the threat warranted measures. I see your point, I'm >> just trying to walk through real instances of issues to make sure we >> are considering options well. > > Yes, and I really appreciate that we are getting this into the archive. > >> > For draft-ietf-curdle-ssh-dh-group-exchange, RFC4419 does not use the >> > word "MUST" for the current 1024 bit value. So, in this case, just >> > updating a SHOULD from a SHOULD seems reasonable to me. If it were a >> > MUST, then I would probably advocate for SHOULD NOT as the step down. >> > >> > For example, I would have no objection to adding text which says that >> > the min value in the SSH_MSG_KEY_DH_GEX_REQUEST SHOULD NOT be less than >> > 2048. >> > >> > fwiw: I also suspect that 2048 will not survive more than another couple >> > of years and would not mind saying that "n SHOULD be 3072 or greater". I >> > do not believe that view is accepted by everyone, so 2048 bits is what >> > is in place for now. >> >> Hmm, than it would be good to make a note of this so those who are >> replacing embedded equipment make the leap to a higher value than >> 2048. This can be in the non normative text. > > So, using words like 'desirable' rather than recommended or should? > I guess that might be a way to approach it for this particular draft. > > I am less certain how to deal with the more general issue of algorithm > deprecation in the security area. Guessing wrong can be very expensive. > >> There are a few published RFCs (I think some CMS RFCs) that took on a >> notion of SHOULD - and SHOULD + as well as MUST + MUST -. I see the >> JOSE algorithms RFC also uses recommended + and recommended -. The >> minus shows that although this is kinda okay now, it really isn't >> recommended and shouldn't be in new products. > > Yes, I had used that in early drafts of draft-ietf-curdle-ssh-kex-sha2 > and eventually removed it due to comments not liking it. Hmm, I still see a table with the SHOULD, MUST, etc. listed out for that draft? I don't see the use of SHOULD +/-, MUST +/- and think it might help in cases like this draft where you have mushy guidance. I still think some warning that 2048 as the minimum recommendation may change to 3072 or greater in a couple of years should be in a non normative statement for developers to plan ahead as a minimum. > >> Do you think that approach could help to allow some flexibility, but >> also show 1024 is on it's way out the door and 2048 will follow soon? > > I do not think that moving to 'a min value of 2048 SHOULD+ be used' > will do much to help this particular case. I would actually be recommending min value of SHOULD - as it will not be recommended in a few years and is on a decline. SHOULD + typically indicates that it will be required as a MUST next, whereas in this case, it will be deprecated in a few years. Thanks, Kathleen > > -- Mark -- Best regards, Kathleen
- [Curdle] Kathleen Moriarty's Yes on draft-ietf-cu… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Spencer Dawkins at IETF
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Ben Campbell
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Salz, Rich
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Salz, Rich
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Mark D. Baushke
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Mark D. Baushke
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Spencer Dawkins at IETF
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… denis bider
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Mark D. Baushke
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Eric Rescorla
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Daniel Migault
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Eric Rescorla
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty