Re: [Curdle] Which curves are MUST and SHOULD ?

"Mark D. Baushke" <mdb@juniper.net> Tue, 05 January 2021 02:37 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD5083A0D55 for <curdle@ietfa.amsl.com>; Mon, 4 Jan 2021 18:37:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Level:
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=EI+a+heX; dkim=pass (1024-bit key) header.d=juniper.net header.b=UfnpMyQ7
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RhZ7o0y4WVoQ for <curdle@ietfa.amsl.com>; Mon, 4 Jan 2021 18:37:58 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 701C43A0D31 for <curdle@ietf.org>; Mon, 4 Jan 2021 18:37:58 -0800 (PST)
Received: from pps.filterd (m0108157.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 1052ZjoX027217 for <curdle@ietf.org>; Mon, 4 Jan 2021 18:37:58 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : subject : in-reply-to : references : from : mime-version : content-type : content-id : date : message-id; s=PPS1017; bh=IbZtMW8o1D/IlZcmqEELq8Hfo8Us9E+koBuFMb/bZ6s=; b=EI+a+heXw1sguM1A9l10gU7eNeHq+6C2q1mw2Ss8HcmekkuR+wbtbqCbiA6rXBKltEVY cnSHOlkqshf1DKF19PuHLhaBIkhgRxTZ1ekR+Nxkoi3ERYcnhiEfsWZKjo7R3Jd3ZpBn uBKntqYbTBjdZzNLSfOawpE1oO3wCZBmlPRfP7YO1VGQ5QzTmD0iN4v6G616KBJW9rze i2YVvxouG80XGKeHqNc/RsgSH9TtS0t9tQAZTmrmcU0g6cvv0E8LL4rIIOaCa7U6X2rU FL1Z9kOpQIWUJeznLzblguLIVR4xXdmrlKPCxGOnY6T9lrG5aiCdfGnutJDtr4vf88ti xg==
Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2172.outbound.protection.outlook.com [104.47.59.172]) by mx0a-00273201.pphosted.com with ESMTP id 35tryt2urf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <curdle@ietf.org>; Mon, 04 Jan 2021 18:37:58 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DcResX3tamRNLIuyI3omw9tBjfwCfEBdlLxfvVg846S1jZAuMAvBEJZiyIQcaq3yQqLBXWNVainsoesE4MI8GATUgZSg9R5GjatLjcJhbCei5q98jHILmGSu+Rfr6uifNv7Y6fvl9n0bXmiK1CzogXZQWMQSzGRdi+pjY+ZLgP6iTvp8g/afHw23UrUi/ZWeLeS5d/37nRwOL8/5E5B9ZcVUYsGiitdYpIeP1OBwPPGfswEQ97+poFUdvUHs+mz6aX8YDVt9Q8hg88rjb6Bm4CEUCZlkQTR3bJppX3EqcS3edUs+mDdFdOXpkGjvQYx6i059w16TjtUjo3PLTelCfg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IbZtMW8o1D/IlZcmqEELq8Hfo8Us9E+koBuFMb/bZ6s=; b=gDn4xfkFfuE6/xoERWi7SyXzm8vSlRbbYVto9yaxe0suHho2l0dwI8ZnwYdDREjbBAuL6RgCOO+pGabJ7FoqjFFiMX4gDFycOCYTIN9uJO85rVFyW03Xs9BbQ7ZwsGAensL7yl5xGWQCOhsYxZ+PpAV3HWGc66QUzqrgW95b2/m/Z4k5+RxbIAh4NsLcNrzLGf5N6bCICheQOCSfRh/XKh+Pty4GIDa4St9J94p1hPtWQCTd5yk0s8gP87aHFLa+hce4UnKBpmCsc8BrWXRVtniMCa6OhqJQ2vdjzftNp3IYhCJp9XgmeIMXwE+x6r+N3VkiqUjvMEdBVotPuqK+Dg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.13) smtp.rcpttodomain=ietf.org smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IbZtMW8o1D/IlZcmqEELq8Hfo8Us9E+koBuFMb/bZ6s=; b=UfnpMyQ7CXX0XoyZwoZf90CyQT455YHovljJoU/+wWnve1t/w05uHm/AMxITh4KtVyOJXrROi+bpi8Sj32GU1YihCbDQ4N4OC4V2vyrD/sYV5d/DvI/9NaHfQ+8DTQEC6ghNo2mtcI63h3ed2z5LhhZlk9n4bcHNTM/r5mmpDm8=
Received: from BN6PR03CA0084.namprd03.prod.outlook.com (2603:10b6:405:6f::22) by BYAPR05MB6472.namprd05.prod.outlook.com (2603:10b6:a03:e6::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.4; Tue, 5 Jan 2021 02:37:55 +0000
Received: from BN8NAM12FT049.eop-nam12.prod.protection.outlook.com (2603:10b6:405:6f:cafe::12) by BN6PR03CA0084.outlook.office365.com (2603:10b6:405:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3721.22 via Frontend Transport; Tue, 5 Jan 2021 02:37:55 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 66.129.239.13) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=oreject header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.13 as permitted sender)
Received: from P-EXFEND-EQX-02.jnpr.net (66.129.239.13) by BN8NAM12FT049.mail.protection.outlook.com (10.13.182.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3742.4 via Frontend Transport; Tue, 5 Jan 2021 02:37:55 +0000
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 4 Jan 2021 18:37:54 -0800
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 4 Jan 2021 18:37:54 -0800
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 4 Jan 2021 18:37:54 -0800
Received: from eng-mail03.juniper.net (eng-mail03.juniper.net [10.108.22.11]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 1052brEA022932; Mon, 4 Jan 2021 18:37:53 -0800 (envelope-from mdb@juniper.net)
Received: from eng-mail03 (localhost [127.0.0.1]) by eng-mail03.juniper.net (8.16.1/8.14.9) with ESMTP id 1052csF2000759; Mon, 4 Jan 2021 18:38:54 -0800 (PST) (envelope-from mdb@juniper.net)
To: curdle@ietf.org
In-Reply-To: <7f27ed9c52fbbabd6047b2a1a860afff2656ad76.camel@redhat.com>
References: <2CCABC30-F757-4659-9FF3-5AADDD51EE30@akamai.com> <4b681efd49274f03c7e0521e127e031426632ad0.camel@redhat.com> <CADZyTkk--kCWqE7q0Xi5C40V92MuZBktDzQGt_vPSZPiBy7v9w@mail.gmail.com> <18479.1606885358@eng-mail01.juniper.net> <20201205194724.GB64351@kduck.mit.edu> <37691.1607621661@eng-mail01.juniper.net> <1607647129866.76532@cs.auckland.ac.nz> <2917.1607672034@eng-mail01.juniper.net> <012AE120-2516-44F6-B729-ED342A137535@timeheart.net> <ED8F3B46-A5CC-4D14-A714-FD1C0AA67486@akamai.com> <12959BD6-F3AB-418B-8CE0-C3BE43999435@timeheart.net> <40887.1608233724@eng-mail03> <0f4dce32-b362-43d8-85e0-9608ca3427ab@redhat.com> <90135.1609791710@eng-mail03> <7f27ed9c52fbbabd6047b2a1a860afff2656ad76.camel@redhat.com>
Comments: In-reply-to: Simo Sorce <simo@redhat.com> message dated "Mon, 04 Jan 2021 20:55:25 -0500."
From: "Mark D. Baushke" <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <756.1609814329.1@eng-mail03>
Date: Mon, 04 Jan 2021 18:38:49 -0800
Message-ID: <758.1609814329@eng-mail03>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5b7dbc45-6833-4876-46a3-08d8b122e80b
X-MS-TrafficTypeDiagnostic: BYAPR05MB6472:
X-Microsoft-Antispam-PRVS: <BYAPR05MB6472E06D427809543F61468EBFD10@BYAPR05MB6472.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: b3krpa86P6j6p6d0+uaeoaxu3Lj/8eYYY6fDa6ChYNQRGXMCHp+uLqgfCXnvLmEwuqEJ4Ur0l6jlLPw+cgWTbhG19aLrFJDy9fB54W/KIp7v12y7zzlwxPM7qPDwhQconoGKG/XMGUyQs2dPt/BXQ6r0QDNbenprvYYHz5LiP7aHMPoWkmXOpkeiWtSg8juFmBSae5GPNTwso0A6EKfnVs7V2vBvWz/hps/9LftdHWf6sW2UXq+74SwRzMLhAkIdt16PC1nJd6nXJk7q5EmB6ibpFB8FSsRAasC91PCYUOnbvylFhBSdx60azmqn4qdsovjt6o9OF65/eWnARi+R4PH7m9yGtWZDJdCP0HLl/1YKkGPkrVqDm/vAmpPjoXqN91K0m/CVemO168V2RvZP7gfCDRUS8Q+fp/67hCtXbKG8hoGBhOwGQx7K4ryCKkWEAwViC6iVpJooeGqXsVwZBg==
X-Forefront-Antispam-Report: CIP:66.129.239.13; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:P-EXFEND-EQX-02.jnpr.net; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(4636009)(136003)(376002)(396003)(39860400002)(346002)(46966006)(33716001)(47076005)(336012)(26005)(6666004)(186003)(316002)(6916009)(426003)(81166007)(83380400001)(2906002)(356005)(7126003)(82310400003)(70586007)(9686003)(8936002)(86362001)(5660300002)(70206006)(82740400003)(8676002)(478600001); DIR:OUT; SFP:1102;
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jan 2021 02:37:55.1663 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5b7dbc45-6833-4876-46a3-08d8b122e80b
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.13]; Helo=[P-EXFEND-EQX-02.jnpr.net]
X-MS-Exchange-CrossTenant-AuthSource: BN8NAM12FT049.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB6472
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2021-01-04_16:2021-01-04, 2021-01-04 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxscore=0 malwarescore=0 phishscore=0 priorityscore=1501 clxscore=1015 lowpriorityscore=0 adultscore=0 bulkscore=0 spamscore=0 mlxlogscore=669 suspectscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2101050014
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/y9B4-P7XCowpQ-Sw0GLlirrWw0Y>
Subject: Re: [Curdle] Which curves are MUST and SHOULD ?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2021 02:38:00 -0000

To make things easier to count. Here is a template for your response:

Template::

From:
Implementor-or-User: 
diffie-hellman-group1-sha1: 
diffie-hellman-group14-sha1: 
diffie-hellman-group-exchange-sha1: 
rsa1024-sha1: 
gss-gex-sha1-*: 
gss-group1-sha1-*: 

If you are an Implementor, you are assumed to also be a user and get one
vote as an Implementor and one vote as a User (that is your vote is
worth twice as much as a User).

If you list more than one response, like "MAY" or "SHOULD NOT" then I
suppose each could get a fraction of your vote, but I would rather not
see vote splitting done. Please take a stand.

My vote is the current (unpublished) -13 draft suggested values:

----------%<----------%<----------%<----------%<----------%<----------

From: Mark Baushke <mdb@juniper.net>
Implementor-or-User: User
diffie-hellman-group1-sha1: SHOULD NOT
diffie-hellman-group14-sha1: MAY
diffie-hellman-group-exchange-sha1: SHOULD NOT
rsa1024-sha1: MUST NOT
gss-gex-sha1-*: SHOULD NOT
gss-group1-sha1-*: SHOULD NOT

----------%<----------%<----------%<----------%<----------%<----------

I would expect that any "MUST NOT" votes are requesting that the
Implementors will remove any code to support the Key Exchange.

A "SHOULD NOT" vote would be a vote requesting that the Key Exchange not
be enabled by default.

A "MAY" vote would be a vote requesting that the Key Exchange be listed
as among those of last resort among the list of proposed Key Exchanges.

If you wish to update your vote, please send me email and I will replace
your vote.

Should I post the summary of the Straw Poll with email addresses at the
end of the period (say, two weeks hence? at 17:00 UTC on 2021-01-19).

	Be safe, stay healthy,
	-- Mark