Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2
Damien Miller <djm@mindrot.org> Tue, 13 September 2016 17:47 UTC
Return-Path: <djm@mindrot.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D04FA12B487 for <curdle@ietfa.amsl.com>; Tue, 13 Sep 2016 10:47:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y_m5kk1RYscp for <curdle@ietfa.amsl.com>; Tue, 13 Sep 2016 10:47:24 -0700 (PDT)
Received: from newmailhub.uq.edu.au (mailhub1.soe.uq.edu.au [130.102.132.208]) by ietfa.amsl.com (Postfix) with ESMTP id DDAB112B451 for <curdle@ietf.org>; Tue, 13 Sep 2016 10:47:23 -0700 (PDT)
Received: from smtp2.soe.uq.edu.au (smtp2.soe.uq.edu.au [10.138.113.41]) by newmailhub.uq.edu.au (8.14.5/8.14.5) with ESMTP id u8DHlLbu044848; Wed, 14 Sep 2016 03:47:22 +1000
Received: from mailhub.eait.uq.edu.au (holly.eait.uq.edu.au [130.102.79.58]) by smtp2.soe.uq.edu.au (8.14.5/8.14.5) with ESMTP id u8DHlLYM063728 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 14 Sep 2016 03:47:21 +1000
Received: from natsu.mindrot.org (natsu.mindrot.org [130.102.96.2]) by mailhub.eait.uq.edu.au (8.15.1/8.15.1) with ESMTPS id u8DHlLsw020734 (version=TLSv1.2 cipher=DHE-RSA-CHACHA20-POLY1305 bits=256 verify=NO); Wed, 14 Sep 2016 03:47:21 +1000 (AEST)
Received: by natsu.mindrot.org (Postfix, from userid 1000) id EA78CA4F32; Wed, 14 Sep 2016 03:47:20 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1]) by natsu.mindrot.org (Postfix) with ESMTP id E5ED9A4F2E; Wed, 14 Sep 2016 03:47:20 +1000 (AEST)
Date: Wed, 14 Sep 2016 03:47:20 +1000
From: Damien Miller <djm@mindrot.org>
To: "Mark D. Baushke" <mdb@juniper.net>
In-Reply-To: <41049.1473653352@eng-mail01.juniper.net>
Message-ID: <alpine.BSO.2.20.1609140340320.58455@natsu.mindrot.org>
References: <41049.1473653352@eng-mail01.juniper.net>
User-Agent: Alpine 2.20 (BSO 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Scanned-By: MIMEDefang 2.73 on UQ Mailhub
X-Scanned-By: MIMEDefang 2.75 on 130.102.79.58
X-UQ-FilterTime: 1473788842
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/n7u1LVByKLNu7Q9wPATpbYRtMy8>
Cc: Curdle <curdle@ietf.org>, IETF SSH <ietf-ssh@NetBSD.org>
Subject: Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2016 17:47:27 -0000
On Sun, 11 Sep 2016, Mark D. Baushke wrote: > I have split out a new draft draft-ietf-curdle-ssh-modp-dh-sha2 [1] > (called "new-modp" in the Reference table below) forked from the > draft-ietf-curdle-ssh-kex-sha2-04 draft. It specifies the new MOD DH KEX > Groups that use SHA-2 hashes. This edition specifies both the new > diffie-hellman-group* names of the -04 revision as well as adding the > gss-group* names. > > Before I update draft-ietf-curdle-ssh-kex-sha2-05 to point to it, I > would like to take a straw poll of which algorithms (if any) should be > defined as a MUST to implement. My personal preference was just > curve25519-sha256. However, at least a few implementors have said that > they were not planning to do any ECDH implementations. So, I am guessing > that "diffie-hellman-group14-sha256" may be the only one that everyone > might be able to agree is a MUST to implement. I agree with your choice in MUST. Two other nits: > Key Exchange Method Name Reference Note > curve25519-sha256 ssh-curves MUST > curve448-sha512 ssh-curves MAY > diffie-hellman-group-exchange-sha1 RFC4419 SHOULD NOT > diffie-hellman-group-exchange-sha256 RFC4419 MAY > diffie-hellman-group1-sha1 RFC4253 SHOULD NOT > diffie-hellman-group14-sha1 RFC4253 SHOULD > diffie-hellman-group14-sha256 new-modp MUST > diffie-hellman-group15-sha512 new-modp MAY > diffie-hellman-group16-sha512 new-modp SHOULD > diffie-hellman-group17-sha512 new-modp MAY > diffie-hellman-group18-sha512 new-modp MAY > ecdh-sha2-nistp256 RFC5656 SHOULD > ecdh-sha2-nistp384 RFC5656 SHOULD > ecdh-sha2-nistp521 RFC5656 SHOULD > ecdh-sha2-* RFC5656 MAY > ecmqv-sha2 RFC5656 MAY Has anyone ever implemented this? AFAIK the motivation for this was MQV being included in NSA Suite B at the time, but it was subsequently dropped. IMO if nobody is using it then it should be recommended against. I.e. SHOULD NOT > gss-group14-sha1-* RFC4462 SHOULD > gss-group14-sha256-* new-modp SHOULD IMO these two should be MAY. Most implementations don't support GSSAPI key exchange at all. Thanks for your patience in wrangling this. -d
- [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & dra… Mark D. Baushke
- [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & dra… Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… denis bider (Bitvise)
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Tero Kivinen
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Damien Miller
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Damien Miller
- Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… denis bider (Bitvise)