Re: [Curdle] Second AD Review: draft-ietf-curdle-ssh-curves.

Daniel Migault <daniel.migault@ericsson.com> Tue, 30 July 2019 23:49 UTC

References: <CABcZeBM1xaLR2RqYo8_VmO1ue2qr3rn_52MhSDHagKhNF-AYQA@mail.gmail.com> <20190730214702.GS47715@kduck.mit.edu> <31257.1564525402@contrail-ubm16-mdb.svec1.juniper.net> <20190730231321.GU47715@kduck.mit.edu>
In-Reply-To: <20190730231321.GU47715@kduck.mit.edu>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 30 Jul 2019 19:49:44 -0400
Message-ID: <CADZyTk=9-pJ8mkwKSDMcZtN2DfD=C2OBDSm6v2pcvp-J2hekqg@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: "Mark D. Baushke" <mdb@juniper.net>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-curves.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/xXenjRxe0-DbiEuquIGoWi8dKq4>

I believe the easiest way is to let Mark update the draft when time
permits. Thank you, Ben and Mark, for moving these documents forward.
Yours,
Daniel

On Tue, Jul 30, 2019 at 7:13 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> On Tue, Jul 30, 2019 at 03:23:22PM -0700, Mark D. Baushke wrote:
> > Benjamin Kaduk <kaduk@mit.edu> writes:
> >
> > > I took over as responsible AD for this draft from Eric, but I don't
> > > see any response to this second round of review comments.  Luckily
> > > there's not much left, so hopefully we can get a new rev out quickly
> > > and move the document forward.
> >
> > I do owe the AD a response to the comments and a new draft.
> > I regret that other commitments have prevented me from this.
>
> I completely understand; my main goal is to ensure that *I* was not the one
> holding things up, as there are quite a few things for which that is the
> case at the moment.
>
> (BTW, if anyone feels there is some urgency to getting these documents
> published, the chairs can appoint a new document editor to handle the
> mechanical text juggling and document submission.  That might be less
> feasible for the other document, though, given the volume of comments Eric
> made.)
>
> -Ben
>
> >
> > > Thanks,
> > >
> > > Ben
> > >
> > > On Mon, Dec 24, 2018 at 02:16:24PM -0800, Eric Rescorla wrote:
> > > > Thanks for addressing my comments.
> > > >
> > > > IMPORTANT
> > > > S 3.
> > > >
> > > > >      received public keys are not the expected lengths, or if the
> > > > >      derived shared secret only consists of zero bits. No further
> > > > >      validation is required beyond what is discussed in [RFC7748].
> > > > >      The derived shared secret is 32 bytes when Curve25519 is used
> > > > >      and 56 bytes when Curve448 is used. The encodings of all
> > > > >      values are defined in [RFC7748]. The hash used is SHA-256 for
> > > > >      Curve25519 and SHA-512 for Curve448.
> > > >
> > > > This is true if you use the 7748 algorithm, but not necessarily
> > > > otherwise.
> > > >
> > > > Here is some OK language (from tcpcrypt)
> > > >
> > > >    Key-agreement schemes ECDHE-Curve25519 and ECDHE-Curve448 perform
> > > >    the Diffie-Hellman protocol using the functions X25519 and X448,
> > > >    respectively. Implementations SHOULD compute these functions
> > > >    using the algorithms described in [RFC7748]. When they do so,
> > > >    implementations MUST check whether the computed Diffie-Hellman
> > > >    shared secret is the all-zero value and abort if so, as described
> > > >    in Section 6 of [RFC7748]. Alternative implementations of these
> > > >    functions SHOULD abort when either input forces the shared secret
> > > >    to one of a small set of values, as discussed in Section 7 of
> > > >    [RFC7748].
> > > >
> > > > COMMENTS
> > > > S 1.
> > > > >      key exchange protocol described in [RFC4253] supports an
> > > > >      extensible set of methods.  [RFC5656] describes how elliptic
> > > > >      curves are integrated in SSH, and this document reuses those
> > > > >      protocol messages.
> > > > >
> > > > >      This document describes how to implement key exchange based on
> > > > >      Curve25519 and Ed448-Goldilocks [RFC7748] in SSH.  For
> > > > >      Curve25519
> > > >
> > > > 7748 calls this Curve448 and you do so later, so please be
> > > > consistent.
> >
> >       -- Mark
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>
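The all-zero shared-secret check that Eric's quoted review comment is about (RFC 7748 Section 6, carried into Section 3 of draft-ietf-curdle-ssh-curves as "abort if the derived shared secret only consists of zero bits" and "if received public keys are not the expected lengths"), worked through as an added example that is not code from this thread, from the draft, or from tcpcrypt. It transcribes the RFC 7748 reference Montgomery ladder into plain Python, wraps it in a shared-secret derivation that aborts on the all-zero output or a wrong-length peer value, and exercises it with the published RFC 7748 Section 6.1 test keys plus two constructed low-order peer values (u = 0 and u = 1) that force the output to zero. The function names (x25519, x25519_shared_secret, peer_value_rejected) are mine; the ladder is not constant-time and exists only to make the check concrete.

```python
"""X25519 (RFC 7748 reference ladder) plus the all-zero shared-secret abort.

Added example, not code from the thread or the draft. The ladder is a direct
transcription of the RFC 7748 pseudocode and is NOT constant-time; it exists
to show the check, not to be used in production.
"""
import hmac

P = 2**255 - 19                       # field prime for Curve25519
A24 = 121665                          # (A - 2) / 4 with A = 486662
BASE_U = (9).to_bytes(32, "little")   # generator's u-coordinate, encoded

# Test keys from RFC 7748 Section 6.1 (published vectors, not constructed here).
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PUB = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")

# Constructed low-order peer values: u = 0 (order 2) and u = 1 (order 4). The
# clamped scalar is a multiple of the cofactor 8, so both drive the ladder to
# the identity, which X25519 encodes as 32 zero bytes.
LOW_ORDER_INPUTS = [bytes(32), (1).to_bytes(32, "little")]


def _decode_u(u: bytes) -> int:
    if len(u) != 32:  # SSH draft: abort when the public value has the wrong length
        raise ValueError("X25519 public value must be exactly 32 bytes")
    u = bytearray(u)
    u[31] &= 127      # RFC 7748: ignore the most significant bit of the last byte
    return int.from_bytes(u, "little")


def _decode_scalar(k: bytes) -> int:
    if len(k) != 32:
        raise ValueError("X25519 private scalar must be exactly 32 bytes")
    k = bytearray(k)
    k[0] &= 248   # clear the low 3 bits: scalar becomes a multiple of 8
    k[31] &= 127  # clear bit 255
    k[31] |= 64   # set bit 254
    return int.from_bytes(k, "little")


def _cswap(swap: int, a: int, b: int):
    return (b, a) if swap else (a, b)  # NOT constant-time; illustrative only


def x25519(k: bytes, u: bytes) -> bytes:
    """Scalar multiplication by the Montgomery ladder of RFC 7748 Section 5."""
    k_int, x_1 = _decode_scalar(k), _decode_u(u)
    x_2, z_2, x_3, z_3, swap = 1, 0, x_1, 1, 0
    for t in range(254, -1, -1):
        k_t = (k_int >> t) & 1
        swap ^= k_t
        x_2, x_3 = _cswap(swap, x_2, x_3)
        z_2, z_3 = _cswap(swap, z_2, z_3)
        swap = k_t
        a = (x_2 + z_2) % P
        aa = a * a % P
        b = (x_2 - z_2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x_3 + z_3) % P
        d = (x_3 - z_3) % P
        da = d * a % P
        cb = c * b % P
        x_3 = (da + cb) ** 2 % P
        z_3 = x_1 * (da - cb) ** 2 % P
        x_2 = aa * bb % P
        z_2 = e * (aa + A24 * e) % P
    x_2, x_3 = _cswap(swap, x_2, x_3)
    z_2, z_3 = _cswap(swap, z_2, z_3)
    # z_2 == 0 (the identity) makes the result 0: this is the all-zero case.
    return (x_2 * pow(z_2, P - 2, P) % P).to_bytes(32, "little")


def x25519_shared_secret(private_key: bytes, peer_public: bytes) -> bytes:
    """Derive the DH secret, aborting on an all-zero output (RFC 7748 Section 6)."""
    secret = x25519(private_key, peer_public)
    if hmac.compare_digest(secret, bytes(32)):
        raise ValueError("all-zero shared secret: peer sent a low-order point")
    return secret


def peer_value_rejected(private_key: bytes, peer_public: bytes) -> bool:
    """True if the derivation above aborts for this peer value."""
    try:
        x25519_shared_secret(private_key, peer_public)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    assert x25519(ALICE_PRIV, BASE_U) == ALICE_PUB
    k = x25519_shared_secret(ALICE_PRIV, BOB_PUB)
    assert k == SHARED == x25519_shared_secret(BOB_PRIV, ALICE_PUB)
    print("shared secret:", k.hex())
    for u in LOW_ORDER_INPUTS:
        print(f"peer u={u.hex()[:4]}...: raw X25519 output {x25519(ALICE_PRIV, u).hex()}"
              f" rejected={peer_value_rejected(ALICE_PRIV, u)}")
```

The abort lives in the derivation wrapper rather than in the ladder so that the raw function still matches the RFC test vectors, while any caller that goes through x25519_shared_secret cannot obtain a secret the peer was able to force. The same structure applies unchanged to X448 (56-byte values, SHA-512 in the SSH method), which is why the draft can state the rule once for both curves.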