IETF Logo Mail Archive

Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt

mbaushke ietf <mbaushke.ietf@gmail.com> Wed, 12 May 2021 19:04 UTC

Return-Path: <mbaushke.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7E413A0CE9 for <curdle@ietfa.amsl.com>; Wed, 12 May 2021 12:04:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XzCbx3gF7ypk for <curdle@ietfa.amsl.com>; Wed, 12 May 2021 12:04:09 -0700 (PDT)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B22803A0CE3 for <curdle@ietf.org>; Wed, 12 May 2021 12:04:09 -0700 (PDT)
Received: by mail-pg1-x52d.google.com with SMTP id k15so6134179pgb.10 for <curdle@ietf.org>; Wed, 12 May 2021 12:04:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=KUR2CspjFWElVJcFzsB1T14XtL1GCO3+y+48rNi5vAU=; b=odxWzJfV4sU2lVOHkOV/2p8Dg/EVOUvZqRaHIQIrmn2Sfw+07o7VIpLJ7gVRJ4cEvH fMZ4m+jfQfzqorzpZpOOBSe3CHb/g6qZrPavmFUZnltNl8u5yEO7WwAOv5D2gfeKab/8 98H1bOZvy4TutPWITkO+xdMAJSaDLyTUZrysrlsFNFEGauVWkRB1oJrLk4JLxP3mNWNV thz9K4+7tU9q/FJTqs2ZTGxkg321C4F9SrQdJr8/AoN+aE+e+TR4fV5mcE1ea5yiHH50 2PJ/cRggcf6dm2zBzcZ/+ASTEc0pzSb9thsWz0rybGg+n8g8G9MU/OmWyE+7adZo/ecY 3jQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=KUR2CspjFWElVJcFzsB1T14XtL1GCO3+y+48rNi5vAU=; b=D3TCXmbSFMpY55eCAzpDYDwqzJleMt4ow9vO3EU1/vZ4RUlzXY6uNNuacfBR3NGi0K AIxFpumvsFQv7M4DBDl4P9pQf5Xpgl/QKNqZMSsvbUydqR8WAlW79EAa+JX6goR4ISBT b5ZRARQ9NlWm40yl6iOM4v8IH4LMGVRfyBOCMYYCQg7/z5zmybC61Mgg/KF/M6tufrr8 5v1Ae3pPB5cHNLa87pu4KpQhdBmsPe0ose+9QsVecCKsUtULrG+IpvRBqEKvAiM0xzOh yEMcs3KvvQSH+ar8K9HLXNTydh8JRIfPRfwCas5nvh3VjCa3ytpyNlIHCzffnwhMlb+8 wBAQ==
X-Gm-Message-State: AOAM532kFlse7kCHTbh6fm/yciYnjmsVMpkSVF2LLUgCm5m70GSZdUHX sIgrfw9f5V/ym9Ym7NzTGUo=
X-Google-Smtp-Source: ABdhPJyhPsbxLynSEsjyKRekrf5dir4uYWlESuF7CCHhEpEVPsvZwrS0PlJtiVweO1doKAN22JWTZQ==
X-Received: by 2002:a17:90a:f2d1:: with SMTP id gt17mr8941476pjb.95.1620846248597; Wed, 12 May 2021 12:04:08 -0700 (PDT)
Received: from smtpclient.apple (c-98-234-187-55.hsd1.ca.comcast.net. [98.234.187.55]) by smtp.gmail.com with ESMTPSA id p19sm453428pff.206.2021.05.12.12.04.07 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 May 2021 12:04:08 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.43\))
From: mbaushke ietf <mbaushke.ietf@gmail.com>
In-Reply-To: <CAEkxbZswnskS8Q9GjdzXNqb=M-Vbh0pJ4=9d5hw7JjFhMbPm9A@mail.gmail.com>
Date: Wed, 12 May 2021 12:04:07 -0700
Cc: curdle@ietf.org, Mališa Vučinić <malisa.vucinic@inria.fr>, Rene Struik <rstruik.ext@gmail.com>, Damien Miller <djm@mindrot.org>, "Joseph S. Testa II" <jtesta@positronsecurity.com>, Anna Johnston <amj@juniper.net>, Benjamin Kaduk <kaduk@mit.edu>, ietf-ssh@netbsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <92A91626-0B2A-4C06-88EC-92A1B3C3407D@gmail.com>
References: <161907760616.27093.10626511190713785302@ietfa.amsl.com> <9CD8D219-30CB-4E42-9913-56FBCF5BAD64@gmail.com> <CAEkxbZswnskS8Q9GjdzXNqb=M-Vbh0pJ4=9d5hw7JjFhMbPm9A@mail.gmail.com>
To: James Ralston <ralston@pobox.com>
X-Mailer: Apple Mail (2.3654.80.0.2.43)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/rBbfRXce7kjLiA4MxYiZmT3q0mk>
Subject: Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2021 19:04:14 -0000

Hi Folks,

Other than this change in section 3.1.2 suggested by Simon Tatham

$ diff -u draft-ietf-curdle-ssh-kex-sha2-17.txt draft-ietf-curdle-ssh-kex-sha2-18.txt
--- draft-ietf-curdle-ssh-kex-sha2-17.txt	2021-04-22 12:59:36.000000000 -0700
+++ draft-ietf-curdle-ssh-kex-sha2-18.txt	2021-05-12 12:00:55.000000000 -0700
@@ -483,12 +483,12 @@

    Curve448 provides more security strength than Curve25519 at a higher
    computational and bandwidth cost.  The corresponding key exchange
-   methods use SHA2-512 (also known as SHA-512) defined in [RFC6234] for
-   integrity is a reasonable one for both the KDF and integrity for use
-   with both gss and non-gss uses of curve448 key exchange methods.
-   These key exchange methods are described in [RFC8731] and [RFC8732]
-   and are similar to the IKEv2 key agreement described in [RFC8031].
-   The curve448-sha512 key exchange method MAY be implemented.  The gss-
+   methods use SHA2-512 (also known as SHA-512) defined in [RFC6234].
+   SHA2-512 is a reasonable hash in both the KDF and integrity in both
+   gss and non-gss uses of curve448 key exchange methods.  These key
+   exchange methods are described in [RFC8731] and [RFC8732] and are
+   similar to the IKEv2 key agreement described in [RFC8031].  The
+   curve448-sha512 key exchange method MAY be implemented.  The gss-
    curve448-sha512-* key exchange method MAY also be implemented because
    it shares the same performance and security characteristics as
    curve448-sha512.

diff -u -r1.1 draft-ietf-curdle-ssh-kex-sha2-18.xml
--- draft-ietf-curdle-ssh-kex-sha2-18.xml	2021/04/22 19:48:58	1.1
+++ draft-ietf-curdle-ssh-kex-sha2-18.xml	2021/04/23 06:41:30
@@ -783,11 +783,11 @@
             The corresponding key exchange methods use SHA2-512 (also
             known as SHA-512) defined in

-            <xref target="RFC6234" format="default"/>
+            <xref target="RFC6234" format="default"/>.

-            for integrity is a reasonable one for both the KDF and
-            integrity for use with both gss and non-gss uses of
-            curve448 key exchange methods.
+            SHA2-512 is a reasonable hash in both the KDF and
+            integrity in both gss and non-gss uses of curve448 key
+            exchange methods.

             These key exchange methods are described in

Is there anything else to be addressed in this draft?

        -- Mark Baushke
        mbaushke.ietf@gmail.com

v2.23.0 | Report a Bug | By Email