Re: [Curdle] new-AD review comments on draft-ietf-curdle-gss-keyex-sha2-08

"Mark D. Baushke" <mdb@juniper.net> Wed, 08 May 2019 15:42 UTC

To: Benjamin Kaduk <kaduk@mit.edu>
CC: curdle@ietf.org, draft-ietf-curdle-gss-keyex-sha2@ietf.org
In-Reply-To: <20190508150604.GB30884@kduck.mit.edu>
References: <20190508150604.GB30884@kduck.mit.edu>
Comments: In-reply-to: Benjamin Kaduk <kaduk@mit.edu> message dated "Wed, 08 May 2019 10:06:04 -0500."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Wed, 08 May 2019 08:42:27 -0700
Message-ID: <15353.1557330147@contrail-ubm16-mdb.svec1.juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/rA12IBiCIQfsAHwiwEx9DNoq0Lo>
Subject: Re: [Curdle] new-AD review comments on draft-ietf-curdle-gss-keyex-sha2-08

Hi Ben,

In RFC 8268, I tried (and apparently failed) to say that the NSA IAD
appears to prefer the use of SHA2-384 for TOP SECRET documents, but that
the SHA2-256, SHA2-384, and SHA2-512 hashing functions are all NIST
approved for FIPS 140-2 Implementation Guidance.

The rationale for SHA2-384 being 'better' for TOP SECRET is apparently
that there are 1024 bits in the internal state of the hashing algorithm,
so 640 bits are kept private while for SHA2-256 there are 512 bits in
the internal state, half of which are public and half of which are
private.

The only weak DH group which should be deprecated is the
diffie-hellman-group1-sha1 and that mostly because of logjam
(https://en.wikipedia.org/wiki/Logjam_(computer_security)).

I have been remiss in addressing the AD comments and submitting an
updated draft of draft-ietf-curdle-ssh-curves (Secure Shell (SSH) Key
Exchange Method using Curve25519 and Curve448), so there is no RFC
listing for those key exchange methods in the IANA repository (URL:
https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml ).

I have not yet compared RFC7748 to the implementations of Curve25519
that exist in many SSH implementations, which is one of the reasons that
draft-ietf-curdle-ssh-curves has not been updated. The draft was trying
to document a well-deployed curve25519@libssh.org to ensure
interoperability.

	-- Mark
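The check a practitioner would run against the group1 point above, as an added example that is not part of Mark's message or of the draft: it decodes an SSH_MSG_KEXINIT payload per RFC 4253 section 7.1 (16-byte cookie, ten RFC 4251 name-lists, a boolean and a reserved uint32) and reports which offered key-exchange names sit on the 1024-bit MODP group that diffie-hellman-group1-sha1 uses, matching the RFC 4462 gss-group1-sha1-* family by prefix because those methods wrap the same group. It also lists which Curve25519 names are offered, using the two spellings OpenSSH's `ssh -Q kex` prints. The KEXINIT and its algorithm lists are constructed here; the cookie is fixed zeros for reproducibility, where a real peer sends 16 random bytes.

```python
"""Added example: parse SSH_MSG_KEXINIT and flag group1-based key exchange.
Not code from the curdle drafts or their authors."""
import struct

SSH_MSG_KEXINIT = 20

# Methods built on the 1024-bit MODP group (Oakley Group 2, "group1").  The
# RFC 4462 GSS-API methods append a base64 mechanism identifier, hence the prefix.
WEAK_KEX_EXACT = {"diffie-hellman-group1-sha1"}
WEAK_KEX_PREFIX = ("gss-group1-sha1-",)

# Curve25519 method names as OpenSSH's `ssh -Q kex` lists them.
CURVE25519_KEX = {"curve25519-sha256", "curve25519-sha256@libssh.org"}

KEXINIT_NAME_LISTS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def encode_name_list(names):
    """RFC 4251 name-list: uint32 length, then comma-separated US-ASCII names."""
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw


def decode_name_list(buf, off):
    """Return (names, new_offset); an empty list is encoded as length 0."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n]
    if len(raw) != n:
        raise ValueError("truncated name-list")
    return ([] if n == 0 else raw.decode("ascii").split(",")), off + n


def build_kexinit(kex, hostkey, enc, mac, comp=("none",), cookie=bytes(16)):
    """Constructed KEXINIT payload; symmetric lists are reused for both directions."""
    lists = [kex, hostkey, enc, enc, mac, mac, comp, comp, (), ()]
    return (bytes([SSH_MSG_KEXINIT]) + cookie
            + b"".join(encode_name_list(names) for names in lists)
            + b"\x00"                    # first_kex_packet_follows = FALSE
            + struct.pack(">I", 0))      # reserved, must be 0


def parse_kexinit(payload):
    """Decode a KEXINIT payload (RFC 4253 section 7.1) into a dict of fields."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    fields = {"cookie": payload[1:17]}
    off = 17
    for name in KEXINIT_NAME_LISTS:
        fields[name], off = decode_name_list(payload, off)
    fields["first_kex_packet_follows"] = bool(payload[off])
    (reserved,) = struct.unpack_from(">I", payload, off + 1)
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    return fields


def audit_kex(kex_algorithms):
    """Split an offered kex list into group1-based names and Curve25519 names."""
    weak = [k for k in kex_algorithms
            if k in WEAK_KEX_EXACT or k.startswith(WEAK_KEX_PREFIX)]
    curve = [k for k in kex_algorithms if k in CURVE25519_KEX]
    return {"weak": weak, "curve25519": curve}


# Constructed offer: what a server that still enables group1 might send.
SAMPLE_KEX = [
    "curve25519-sha256", "curve25519-sha256@libssh.org",
    "diffie-hellman-group14-sha256", "diffie-hellman-group1-sha1",
    "gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==",   # RFC 4462 style: base64 mechanism suffix
]


def demo():
    """Round-trip the constructed offer through the encoder and parser, then audit it."""
    payload = build_kexinit(SAMPLE_KEX, ["ssh-ed25519"],
                            ["aes256-gcm@openssh.com"], ["hmac-sha2-256"])
    return audit_kex(parse_kexinit(payload)["kex_algorithms"])


if __name__ == "__main__":
    print(demo())
```

Feeding the parser a real capture only needs the decrypted packet payload (the KEXINIT is sent in the clear, so the bytes after the packet-length, padding-length header are exactly what parse_kexinit expects); the same audit applies to the output of `ssh -Q kex` or to a KexAlgorithms line in sshd_config after splitting on commas.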