Re: [Curdle] RSA key transport for SSH (RFC 4432) and forward secrecy

Simon Tatham <anakin@pobox.com> Fri, 12 February 2021 15:54 UTC

Return-Path: <simon@thyestes.tartarus.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21E363A1756 for <curdle@ietfa.amsl.com>; Fri, 12 Feb 2021 07:54:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HsDBdoodTJxm for <curdle@ietfa.amsl.com>; Fri, 12 Feb 2021 07:54:13 -0800 (PST)
Received: from thyestes.tartarus.org (thyestes.tartarus.org [5.196.91.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F317F3A1754 for <curdle@ietf.org>; Fri, 12 Feb 2021 07:54:12 -0800 (PST)
Received: from simon by thyestes.tartarus.org with local (Exim 4.92) (envelope-from <simon@thyestes.tartarus.org>) id 1lAZMU-00021I-03; Fri, 12 Feb 2021 14:23:58 +0000
Content-Type: text/plain; charset=UTF-8
From: Simon Tatham <anakin@pobox.com>
To: Mark D. Baushke <mdb@juniper.net>
Cc: Ron Frederick <ronf@timeheart.net>, Alexandre Becoulet <alexandre.becoulet@free.fr>, Keith Winstein <keithw@mit.edu>, Hari Balakrishnan <hari@mit.edu>, mosh-devel <mosh-devel@mit.edu>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Benjamin Kaduk <kaduk@mit.edu>, "curdle@ietf.org" <curdle@ietf.org>
In-reply-to: <94759.1613022658@svl-bsdx-06.juniper.net>
References: <20210211042551.GV21@kduck.mit.edu> <1613018828089.63687@cs.auckland.ac.nz> <94759.1613022658@svl-bsdx-06.juniper.net>
Date: Fri, 12 Feb 2021 14:23:57 +0000
Message-Id: <1613139673-sup-3115@thyestes.tartarus.org>
User-Agent: Sup/git
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/xBfIyYjwUZvcD8A83-EY166XX1A>
Subject: Re: [Curdle] RSA key transport for SSH (RFC 4432) and forward secrecy
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 15:54:14 -0000

Mark D. Baushke <mdb@juniper.net> wrote:
> Is anyone actively using rsa2048-sha256 for a Ssecure Shell Key
> exchange per RFC 4432. 

I passed this question on to Ben Harris, also on the PuTTY team and the
originator of RFC 4432 in the first place (hence, the person most likely
to have actually used it seriously). He replied

"No. It never became adequately mainstream, and faster CPUs and elliptic
curves have rendered it obsolete."

So I think the PuTTY team has no objection to retiring it.

Cheers,
Simon

-- 
for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff,
0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7,
0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
 print("".join([chr(32+3*((k>>x)&1))for x in range(79)])) # <anakin@pobox.com>