[Curdle] comments on draft-ietf-curdle-ssh-kex-sha2-05
Daniel Migault <daniel.migault@ericsson.com> Sun, 26 March 2017 19:29 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1719512968A for <curdle@ietfa.amsl.com>; Sun, 26 Mar 2017 12:29:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.401
X-Spam-Level:
X-Spam-Status: No, score=-2.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.197, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QHVhgK7vNDHi for <curdle@ietfa.amsl.com>; Sun, 26 Mar 2017 12:29:47 -0700 (PDT)
Received: from mail-it0-x232.google.com (mail-it0-x232.google.com [IPv6:2607:f8b0:4001:c0b::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57D90129689 for <curdle@ietf.org>; Sun, 26 Mar 2017 12:29:47 -0700 (PDT)
Received: by mail-it0-x232.google.com with SMTP id 190so33071158itm.0 for <curdle@ietf.org>; Sun, 26 Mar 2017 12:29:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to; bh=6tlJDYPd9CMTN+wYNfOy2hQ3fmpTCOH4DbNGDaAHm3U=; b=ay7aXNBuVA3TE0aCkgTlVpIMSqm2Vdo0fwraDVtbr4y+dH3z1tX8oR6Qa9QVeOmeOB gKpi3XNQepkw1ti7W2y4SQalJklY+6eCxHauhJFw688zLLJDGTMTY9iyuHR7ZblHi7In Blb2TS404Sqodt5uqMBRYKP4MOOQcpKtm10B1ndIP2WZD9BjGgpUuHUFIH1qFVa1S5mv Y+Zx9d6vDSnhhbt0r9CfTNVGlUF9HXrP/lWBVaTqWnza4XSwFm1c1bBTU/9mFAKdFrnR L/Kd1UUJB+JoN2MBKuiGxUsxCVvfSJuTsdzQGSjSIDlqUCk0D/v+UQmKPy9OjLdS/8zp ty1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=6tlJDYPd9CMTN+wYNfOy2hQ3fmpTCOH4DbNGDaAHm3U=; b=JLnrGC26IdFl/5NW7amYY1EX4C0vDuOptuWXrm7LmG3CmzjnL7eGz57tbAD96G9HPV wdmUK3VJglfUIBojSW/8GPzV7WesqzHucSfiM4OoInEfBEUZ/zDdlDApPXXKOywZNlKM 3l/FT/bksCarFZyEC71/Wk1W670MZqGUnRtriCfNg2pC7NmTWczQzrLuES2QjPW/MKXK 8mTMCSy7l2AbqO8NmMOBnJVLSMFpo5AWHYoiMgYfWuXLVbA7TfyNCbVlTGkxMamWAFkw O7J4gXinYn4oBUqewFn2AbGEvPphvFpQEMZfhf5YR17bv58AyNi1d3GPUEBERS1mxPj+ iR2Q==
X-Gm-Message-State: AFeK/H0KKBEZu/9DWfH3d1KpN+wAn2t6eJgTuGZ8jWGgMq2y0fY64/SOSs649erw1LSiu3xP1CgoYlE37XonGQ==
X-Received: by 10.36.175.5 with SMTP id t5mr6422998ite.48.1490556586414; Sun, 26 Mar 2017 12:29:46 -0700 (PDT)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 10.107.35.213 with HTTP; Sun, 26 Mar 2017 12:29:45 -0700 (PDT)
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Sun, 26 Mar 2017 14:29:45 -0500
X-Google-Sender-Auth: YpqoxPmvKR0QArIiBTJ598F6_CU
Message-ID: <CADZyTkmyY-hTOn8HhYNjKU43DDVHKZn1aM2oQjeSvKJCNjmzzw@mail.gmail.com>
To: curdle <curdle@ietf.org>
Content-Type: multipart/alternative; boundary="f403045dc12ad9d9d3054ba73f1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/taKa1rhbTHka8Fs2MpgctOQ8rf4>
Subject: [Curdle] comments on draft-ietf-curdle-ssh-kex-sha2-05
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Mar 2017 19:29:49 -0000
Hi,
Please find some comments of draft-ietf-curdle-ssh-kex-sha2-05.
Yours,
Daniel
I have the impression that only RFC4253 provided some recommendations, in
which case I would be incline to say that the current draft only updates
this document. The other RFC only defines new suites.
I suggest we either use MUST/SHOULD/MAY or REQUIRE/RECOMMEND/OPTIONAL but
not both. Note that if the recommendations for ipsec
[draft-ietf-ipsecme-rfc4307bis] we also introduced some additional notation
such as SHOULD+/- to specify whether the SHOULD is expect to raise its
status or that SHOULD is only here for interoperability.
Note that recommendations are not the purpose of IANA, so I would probably
change the title of the section. The IANA only adds the code points. It is
god that you mentioned the IANA link. I would encourage you to have the URL
as an informative reference.
Recommendations should regularly updated so implementations have the time
to introduce new suites or remove old suites while still providing
interoperability. If the starting point is RFC4253, then we have:
diffie-hellman-group1-sha1 REQUIRED
diffie-hellman-group14-sha1 REQUIRED
and all other suites are OPTIONAL or MAY. Correct me if I am wrong, At
least I believe that that appendix section would be useful to comment on
the update with the previous recommendations.
curve25519-sha256 ssh-curves MUST
Maybe a MUST statement may be to strong as curves have just been defined.
Maybe that could be SHOULD+ mentioning it is expected to become a MUST next
time. In fact it is usually hard to move from MAY to MUST. If you do so,
reasons should be provided in the text. Currently it seems it is
implemented in libssh and OpenSSH, not sure it is sufficient for a MUST.
curve448-sha512 ssh-curves MAY
By default, the suites with MAY status are not mentioned.
diffie-hellman-group-exchange-sha1 RFC4419 SHOULD NOT
SHA1 is probably at MUST NOT, so I am expected any suites to be MUST NOT.
Because it represents a threat you are likely to move to MUST NOT directly.
diffie-hellman-group-exchange-sha256 RFC4419 MAY
diffie-hellman-group1-sha1 RFC4253 SHOULD NOT
If group 1 is 768-bit MODP Group , I would consider there are two reasons
to have this as MUST NOT.
diffie-hellman-group14-sha1 RFC4253 SHOULD
My understanding is that this one is kept for interoperability. However,
the text should make it clear this suite will be deprecated soon.
diffie-hellman-group14-sha256 new-modp MUST
diffie-hellman-group15-sha512 new-modp MAY
diffie-hellman-group16-sha512 new-modp SHOULD
diffie-hellman-group17-sha512 new-modp MAY
diffie-hellman-group18-sha512 new-modp MAY
ecdh-sha2-nistp256 RFC5656 SHOULD
ecdh-sha2-nistp384 RFC5656 SHOULD
ecdh-sha2-nistp521 RFC5656 SHOULD
The current trend is also to reduce the number of suites implementation. DO
we want to have these three suites as SHOULD. We should also explain what
the next step is expected to be.
ecdh-sha2-* RFC5656 MAY
ecmqv-sha2 RFC5656 SHOULD NOT
gss-gex-sha1-* RFC4462 SHOULD NOT
gss-group1-sha1-* RFC4462 SHOULD NOT
gss-group14-sha1-* RFC4462 SHOULD
gss-group14-sha256-* new-modp SHOULD
gss-group15-sha512-* new-modp MAY
gss-group16-sha512-* new-modp SHOULD
gss-group17-sha512-* new-modp MAY
gss-group18-sha512-* new-modp MAY
gss-* RFC4462 MAY
rsa1024-sha1 RFC4432 SHOULD NOT
Maybe we could set it as MUST NOT both for key size and SHA1.
rsa2048-sha256 RFC4432 MAY
- [Curdle] comments on draft-ietf-curdle-ssh-kex-sh… Daniel Migault
- Re: [Curdle] comments on draft-ietf-curdle-ssh-ke… Mark D. Baushke