Re: [saag] Possible backdoor in RFC 5114

"Mark D. Baushke" <mdb@juniper.net> Mon, 10 October 2016 15:14 UTC

To: Tero Kivinen <kivinen@iki.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/fnH5emEQ5yponj-pW1PecJsb9Pk>
Cc: Security Area Advisory Group <saag@ietf.org>

Tero Kivinen <kivinen@iki.fi> writes:

> Yoav Nir writes:
> > So for the three useful groups in 5114 you didn’t need it (as 4753)
> > already existed, and you don’t need it now, as 5903 exists. I don’t
> > see anything standing in the way of moving to historic or obsoleting
> > it. 
> 
> This is true for IPsec. I am not sure if it is true for TLS, SSH and
> S/MIME.

For SSH, the IANA document URL:

  http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml 

does not have any reference to RFC 5114.

To the best of my understanding, SSH has never really supported anything
other than safe-primes (Sophie Germain primes at that?) Diffie-Hellman
key exchange. Although it is possible to implement Lim-Lee primes with
RFC 4419, only g,p are sent over the wire. For ECDH, SSH has RFC 5656,
so once more there is no need to keep RFC 5114 for anything SSH uses.
I do not know of any other uses of ECP groups for SSH.

> RFC4753 and 5903 only cover the IKE and IKEv2 cases, RFC5114 also
> covers other protocols, and I do not know if they use 5114 or
> not, and if the NIST ECP group references in there are to 5114 or to
> something else.
> 
> For IPsec I think we are good, because we have separate document
> specifying the mandatory to implement algorithms, and that some
> document also specifies MUST NOTs and SHOULD NOTs.

For SSH, I have an IETF draft
https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/
to cover the 'SHOULD NOT' values for key exchange.

Perhaps we need to have a similar document for TLS and S/MIME as well?

	-- Mark
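
Added example, not part of the original message: what a peer can check when, as noted above for RFC 4419, only g and p arrive over the wire. With no subgroup order q supplied, the receiver can test whether p is a safe prime and, if so, which subgroup g generates; a prime that is not safe cannot be validated further from (g, p) alone. The function names and result labels are hypothetical, and the sample moduli are small constructed values.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test, preceded by small-prime trial division."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # Write n - 1 as d * 2^s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a proves n composite
    return True

def classify_group(p, g):
    """Classify a (p, g) pair using only what the wire carries (no q)."""
    if not is_probable_prime(p):
        return "p-not-prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        # Could be a Lim-Lee or DSA-style prime; without q the receiver
        # cannot confirm the order of the subgroup g generates.
        return "p-prime-not-safe"
    if not 1 < g < p - 1:
        return "g-out-of-range"               # g = 1 or p-1 has order 1 or 2
    # For a safe prime the order of g is q or 2q; g^q mod p tells which.
    return "safe-g-order-q" if pow(g, q, p) == 1 else "safe-g-order-2q"

if __name__ == "__main__":
    # Constructed samples: (23, 2), (23, 5), and the Mersenne prime 2^127 - 1.
    for p, g in [(23, 2), (23, 5), (2**127 - 1, 2)]:
        print(p.bit_length(), "bit p, g =", g, "->", classify_group(p, g))
```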