IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

Christian Huitema <huitema@huitema.net> Tue, 16 April 2024 20:53 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDA65C14F707 for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 13:53:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RHCAD-xLrJkc for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 13:53:14 -0700 (PDT)
Received: from se04.mfg.siteprotect.com (se04.mfg.siteprotect.com [64.26.60.167]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3EE6C14F5EE for <saag@ietf.org>; Tue, 16 Apr 2024 13:53:14 -0700 (PDT)
Received: from smtpauth01.mfg.siteprotect.com ([64.26.60.150]) by se04.mfg.siteprotect.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1rwpnk-00DIT0-R6 for saag@ietf.org; Tue, 16 Apr 2024 16:53:13 -0400
Received: from [10.32.61.238] (unknown [192.0.32.236]) (Authenticated sender: huitema@huitema.net) by smtpauth01.mfg.siteprotect.com (Postfix) with ESMTPSA id 4VJx8838ddz163NqM for <saag@ietf.org>; Tue, 16 Apr 2024 16:53:12 -0400 (EDT)
Message-ID: <9c274d83-23b8-4c6a-a1b6-6bf7660ffe0f@huitema.net>
Date: Tue, 16 Apr 2024 13:53:11 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: saag@ietf.org
References: <20240416182212.179605.qmail@cr.yp.to>
Content-Language: en-US
From: Christian Huitema <huitema@huitema.net>
Autocrypt: addr=huitema@huitema.net; keydata= xjMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1RmvN J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PsKWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAzjgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB8J+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH
In-Reply-To: <20240416182212.179605.qmail@cr.yp.to>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=huitema@huitema.net
X-Originating-IP: 64.26.60.150
X-SpamExperts-Domain: mfg.outbound
X-SpamExperts-Username: 64.26.60.150/31
Authentication-Results: mfg.siteprotect.com; auth=pass smtp.auth=64.26.60.150/31@mfg.outbound
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.13)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT/HvbfYlJVrPHDq1xpmSkNwPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5yWiPbS8Ro+eA58J1YtqZ1vKj/EwzSHE5FGYwwjsNRPCBvu Jjj3FfmaTPZf0c1qYFHmD6wdmZPcItWbGe10hXJtXL4FsauCVkDjmcYJdU3yWp7KuHNaaKdg7iBE ZefdsNUFWKwa/wzJUjmazeC7ImcaN0SLEGcpkTI+iD6hd1GTghQ6V51u76v35b1wNe/MvdJht3Zw sZGZYHdpTeyqUXujeBIFAjLLyM86CtnWN4P3m03FrKlNunbw3GCGM2ilT85qqPgohIhFInkx+MTw 5q6dkTJhh/tOaUjeIRypcrgDrUKEcxAcIwRZNf0cSHBI/j8xKX6Z6/Qz1w7TE/bz3YPRvZkkFd+V 6gVrU+3pTnsIEruzeQVSa0/ZpGo0y/wp4NMvhAXLR4H+Kw/zd724csQF4dM8j+vMkhFuGi1fREQK LihN0S8XYuX5DbM52MHctO0A5OZ1iIiHLYXU2qLZCGq02Wq2InZGQXRwgp4DivepysN6jYX/nXkL yQnRCh0nB+uYUazmWajDqA7NT8Js52zSASJFC/49WOPBr5nlEUI4xI6Ld1ZMmIDr9jcFmWxYdPyC d5iXYJuZDVz9Fg6INCqeNcdE7gavto7QU1Nv2dn26DH5j2CFj6+706T0XkZqBQDQE00a8Fpr9nDs sqWATLjELPdeC2osMQ2uc367tvJ8uqBlkBL2blkAqDWoat5k50U5LeFt5cHop9hd+sqg3A9QUe4C riTs+ob0zmJ3PuOhHj0NIBmZeGVdnzUV2e2uIRpmsREvUNPtavWzXYeaZWrZHHASJNUmoOHSoqgq xfHmWcWNqD/adyNiT8AYeygFhNx2KrOPJsrOJ757NJJ57tLdvNRChAIgei5bdpiB8QeseINKrdD5 Yp7RgwCs1BD5z9z1xEX1mGbvxNGPtnFv0mVW1p6kA78rrfR4c9KIaEsbbcrXhq01lqWJldJRrUuJ LDcW8QKCG4hZodU6uOugh5+wPnCNh7SP65jcQKYR2ruTCxp8h97+SueKd/e090Gqnl8=
X-Report-Abuse-To: spam@se02.mfg.siteprotect.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/w07jVPy6B1LiVo_LYDJc8E8FI-I>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 20:53:16 -0000


On 4/16/2024 11:22 AM, D. J. Bernstein wrote:
> Note the words "such as encryption technologies" above. I wouldn't say
> that crypto patents were the_only_  driver of the BCP 79 text, but I
> have no idea how anyone could imagine that they're out of scope, or how
> anyone could argue that excluding them would be a good idea.

If I remember correctly, the RSA patents were indeed a key driver of 
this discussion. That's why TLS 1.0 (RFC 2246, January 1999) said:

    In the absence of an application profile standard specifying
    otherwise, a TLS compliant application MUST implement the cipher
    suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.

... instead of requiring RSA. So, yes, I think that Dan is right.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email