Re: [secdir] draft-ietf-curdle-ssh-modp-dh-sha2 SECDIR review

"Mark D. Baushke" <mdb@juniper.net> Wed, 06 September 2017 17:51 UTC

To: Donald Eastlake <d3e3e3@gmail.com>
CC: "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-curdle-ssh-modp-dh-sha2@ietf.org, "secdir@ietf.org" <secdir@ietf.org>
In-Reply-To: <CAF4+nEEmMSWzuK050Pf2ytCF0hwpHJwDfENStFaYDe+Z_4bVkQ@mail.gmail.com>
References: <CAF4+nEEmMSWzuK050Pf2ytCF0hwpHJwDfENStFaYDe+Z_4bVkQ@mail.gmail.com>
Comments: In-reply-to: Donald Eastlake <d3e3e3@gmail.com> message dated "Thu, 24 Aug 2017 18:26:13 -0400."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Wed, 06 Sep 2017 10:51:19 -0700
Message-ID: <21748.1504720279@eng-mail01.juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/i993G9jdu4luJAJYw0ABtVaJC88>
List-Id: Security Area Directorate <secdir.ietf.org>

Hi Donald,

Donald Eastlake <d3e3e3@gmail.com> writes:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  Document editors and WG chairs should treat these comments just
> like any other last call comments.
> 
> The summary of the review is Ready.
> 
> I am not an expert on MODP groups or the like but this document looks
> good to me.
> 
> I would comment that I am used to information about where comments on
> the draft should be sent being on the title page rather than on page 3
> at the end of Section 1.

My apologies for the use of a non-standard section for the note.
I will try to do better in future documents.

As it is in a 

       [TO BE REMOVED: Please send comments on this draft to curdle@ietf.org.]

paragraph, I do not plan to revise the document to address this concern.

	-- Mark