Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2
"Mark D. Baushke" <mdb@juniper.net> Wed, 29 March 2017 06:17 UTC
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
CC: "Salz, Rich" <rsalz@akamai.com>, curdle <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/xPEftj1klitgVO7z4aM3Y48B1qo>
Hi Peter,

Peter Gutmann <pgut001@cs.auckland.ac.nz> writes:

> Salz, Rich <rsalz@akamai.com> writes:
>
> There is one obvious counter-argument and that's diversification. The problem with the DH1024 group that was pointed out in the Logjam paper is that absolutely everything ended up using it, making it an incredibly attractive target because if you break that you break everything that uses it. Having everything use the 3526 groups, or similar, just moves the problem to a slightly larger key size. So using known-good parameter sets that differ from what everyone else is using, and in particular IKE and SSL, which are much larger targets than SSH, wouldn't be a bad idea.

This is probably the argument which led to the creation of RFC4419.

Of course, there is also the possibility of a dishonest or subverted server which is using a backdoor DH:

  How to Backdoor Diffie-Hellman
  David Wong, NCC Group, June 2016
  URL: https://eprint.iacr.org/2016/644.pdf

> In -LTS, one of the suggestions I make is:
>
>   If this isn't possible, an alternative option is to pre-generate a selection of DH parameters and choose one set at random for each new handshake, or again roll them over from time to time from the pre-generated selection, so that an attacker has to attack multiple sets of parameters rather than just one.
>
> So one possibility would be to generate, say, 16 NUMS DH parameters for each size and publish those, and have the server select one at random. This adds security both in terms of diversifying from the IKE/SSL values that everyone else uses, and forcing an attacker to break all 16 parameter sets instead of just the one.

Another possibility would be to pre-generate a number of provable primes that are NOT safe primes and pass {FSeed, vPseed, Qseed, Pgen_counter, Qgen_counter, g, Q, P} from the server to the client to prove to the client that P and Q are primes and then commence the key exchange.

The benefit of safe primes is that q (a Sophie Germain prime) has a very large cyclic subgroup. The downside is that there are not as many safe primes in the number space as there are primes. While I do not know of a method to attack this weakness, it is something about the structure of safe primes that makes me wonder sometimes.

Using a q prime with an order that is roughly half of p is still plenty large enough for slowing down a sieve and would also still be a bit harder to break in a Post-Quantum Computer universe even if it does not have as large an order as a Sophie Germain prime.

Given the provable prime parameters, the client could verify the primality of q and p and that g is a proper generator for the q-ordered subgroup. Especially if g is chosen to be 2... :-)

In this way the client will be able to avoid using a backdoor DH.

Would a Draft RFC dealing with the creation of such provable primes be something that is useful to the Curdle WG? Is it likely that something like this would be adopted by more than just SSH?

-- 
Mark