RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 29 January 2016 06:57 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Mark D. Baushke" <mdb@juniper.net>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>, Niels Möller <nisse@lysator.liu.se>, Damien Miller <djm@mindrot.org>, denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Jon Bright <jon@siliconcircus.com>, Simon Tatham <anakin@pobox.com>
Subject: RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Date: Fri, 29 Jan 2016 04:27:43 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4BDB868@uxcn10-5.UoA.auckland.ac.nz>
References: <95389.1452676866@eng-mail01.juniper.net>, <96437.1453915164@eng-mail01.juniper.net>
In-Reply-To: <96437.1453915164@eng-mail01.juniper.net>
mdb@juniper.net <mdb@juniper.net> writes:

>I just noticed that the Information Assurance Directorate at the NSA has a
>new article on 'CNSA Suite and Quantum Computing FAQ' ... their URL is
>
>https://www.iad.gov/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/cnsa-suite-and-quantum-computing-faq.cfm

My response to this, on the CFRG list, was:

>On the QC stuff. Of course we have to start looking at that now. But I think
>we need to look at the problem on two separate tracks:
>
>1) Find a public key algorithm that resists QC using Shor's algorithm.
>2) Find a mechanism that makes symmetric key feasible in place of public.

You forgot step 0:

0) Figure out whether any of this stuff is actually necessary

This is just a bunch of random numbers pulled out of thin air, just as Suite B
was in its day, and CCEP was before that. There's no empirical argument
supporting any of this, just a huge what-if. For all we know the entire
document could have come about from a barroom bet, "Well Bill, you had them
chasing the Suite B white elephant, Dave got them really good with Dual-EC,
now it's my turn to see how high I can make them jump. And best of all, TAO
will love me for it because they'll have to throw out most of their
already-deployed, partially-patched-up infrastructure and start again, leading
to lots of new exploitable mistakes and errors".

If you're worried about QC, why aren't you worried about TWINKLE/TWIRL, which
is at least as feasible, if not more so, than QC, and has been around much
longer?

If the NSA wants to put forward a new white elephant to supplant Suite B and
the rest, hand them a can of paint and point them at the nearest zoo. In the
meantime I'll stick with addressing problems that are actual problems, there's
more than enough of those to go round.

Peter.