Re: DH group exchange (Re: SSH key algorithm updates)

"Mark D. Baushke" <mdb@juniper.net> Sun, 15 November 2015 07:48 UTC

To: Niels Möller <nisse@lysator.liu.se>
CC: Damien Miller <djm@mindrot.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "jon@siliconcircus.com" <jon@siliconcircus.com>
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
In-Reply-To: <nnpozbybp8.fsf@armitage.lysator.liu.se>
References: <9A043F3CF02CD34C8E74AC1594475C73F4B5993D@uxcn10-5.UoA.auckland.ac.nz> <2096379125-720@skroderider.denisbider.com> <9A043F3CF02CD34C8E74AC1594475C73F4B599ED@uxcn10-5.UoA.auckland.ac.nz> <55190.1447001241@eng-mail01.juniper.net> <9A043F3CF02CD34C8E74AC1594475C73F4B5A9BC@uxcn10-5.UoA.auckland.ac.nz> <nnziyn2ft7.fsf@armitage.lysator.liu.se> <65113.1447107876@eng-mail01.juniper.net> <nn37we320r.fsf@armitage.lysator.liu.se> <alpine.BSO.2.20.1511101829460.8324@natsu.mindrot.org> <90378.1447145301@eng-mail01.juniper.net> <nnbnb11utb.fsf@armitage.lysator.liu.se> <41119.1447226323@eng-mail01.juniper.net> <nnfv0az4dl.fsf@armitage.lysator.liu.se> <67048.1447534953@eng-mail01.juniper.net> <nnpozbybp8.fsf@armitage.lysator.liu.se>
Comments: In-reply-to: Niels Möller <nisse@lysator.liu.se> message dated "Sun, 15 Nov 2015 08:16:19 +0100."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sat, 14 Nov 2015 23:48:33 -0800
Message-ID: <26466.1447573713@eng-mail01.juniper.net>

Niels Möller <nisse@lysator.liu.se> writes:

> "Mark D. Baushke" <mdb@juniper.net> writes:
> 
> > For now, does it seem reasonable to add RFC 3526 group15 & group16 to
> > the protocol?
> >
> >   diffie-hellman-group15-sha256 (3072-bit MODP group ~130 bits of security)
> >   diffie-hellman-group16-sha256 (4096-bit MODP group ~150 bits of security)
> 
> I think it makes sense. It's good to have some specified algorithms
> with security a bit beyond what's currently used, to make it easy to
> move if/when needed attacks on the current algorithms emerge.

Agreed.

> Next question is what status they should have. I think it makes sense to
> have group15 as RECOMMENDED.

I agree with this suggestion.

> (By the same argument, I think it makes sense to specify some
> alternative to sha256 too, which I guess would be either sha512 or
> sha3-384 (sha384 makes little sense to me, since it's essentially a
> truncated sha512, with same performance and shorter output)).

Given your point about sha2-384, I think there are three possibilities
that remain:

  sha2-512
  sha3-256
  sha3-512

There are arguments both in favor of and against each of the alternatives.

fwiw: I have no idea if the SSH community is ready to consider the use
of sha3 (FIPS PUB 202 style) at this time, but it is more likely to
be a challenge to the attacks on diffie-hellman I have heard of to date.

	-- Mark
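
Added example (not part of the message above, and not code from any of the
thread's participants): the kex methods proposed in the message,
diffie-hellman-group15-sha256 and its group16 sibling, carried through in
Python. It rebuilds the RFC 3526 primes from the formula that RFC prints,
p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c), checks that
each is a safe prime, runs both sides of one exchange, and computes the
RFC 4253 section 8 exchange hash with whichever hash the method-name suffix
selects, so the same code also covers the sha512 variants (RFC 8268 later
registered group15 and group16 with SHA-512). The version strings, KEXINIT
payloads and host-key blob are constructed sample data, not a captured
session; the c constants are the ones printed in RFC 3526.

```python
# Added example, not from the thread: diffie-hellman-groupN-sha* in SSH with
# the RFC 3526 primes recomputed from their published formula.
import hashlib
import secrets

# RFC 3526: p = 2^n - 2^(n-64) - 1 + 2^64 * ( floor(2^(n-130) * pi) + c ),
# keyed by group id -> (n, c), with the c values RFC 3526 prints.
RFC3526_GROUPS = {14: (2048, 124476), 15: (3072, 1690314), 16: (4096, 240904)}

def _pi_fixed(prec_bits):
    """Approximately pi * 2^prec_bits: Machin's formula in integer arithmetic."""
    def arctan_inv(x):  # arctan(1/x) * 2^prec_bits by the alternating series
        total, term, k, sign = 0, (1 << prec_bits) // x, 1, 1
        while term:
            total += sign * (term // k)
            term, k, sign = term // (x * x), k + 2, -sign
        return total
    return 16 * arctan_inv(5) - 4 * arctan_inv(239)

def rfc3526_prime(group_id):
    """Recompute the MODP prime of an RFC 3526 group from its formula."""
    n, c = RFC3526_GROUPS[group_id]
    guard = 64                                     # absorbs series rounding
    pi_bits = _pi_fixed(n - 130 + guard) >> guard  # floor(2^(n-130) * pi)
    return (1 << n) - (1 << (n - 64)) - 1 + (1 << 64) * (pi_bits + c)

def is_probable_prime(n, rounds=8):
    """Miller-Rabin with random bases; enough to sanity-check a fixed prime."""
    small = (2, 3, 5, 7, 11, 13)
    if n < 2 or any(n % s == 0 for s in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p):
    """p and q = (p-1)/2 both prime, so g = 2 generates a large subgroup."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def ssh_string(b):
    return len(b).to_bytes(4, "big") + b

def ssh_mpint(x):
    """RFC 4251 mpint for x >= 0; the +8 yields a sign byte exactly when needed."""
    return ssh_string(b"" if x == 0 else x.to_bytes((x.bit_length() + 8) // 8, "big"))

def kex_hash(method):
    """The hash a method name selects: '...-sha256' -> hashlib.sha256, etc."""
    return getattr(hashlib, method.rsplit("-", 1)[1])

class DHParty:
    """One side of diffie-hellman-groupN: picks 1 < x < q, publishes g^x mod p."""
    def __init__(self, p, g=2):
        self.p, self.g = p, g
        self.x = 2 + secrets.randbelow((p - 1) // 2 - 2)  # 1 < x < q, RFC 4253
        self.pub = pow(g, self.x, p)

    def shared_secret(self, peer_pub):
        if not 1 < peer_pub < self.p - 1:     # reject 0, 1, p-1 (K would be 0 or +-1)
            raise ValueError("peer DH public value out of range")
        return pow(peer_pub, self.x, self.p)

def exchange_hash(method, v_c, v_s, i_c, i_s, k_s, e, f, k):
    """H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K), RFC 4253 s.8."""
    h = kex_hash(method)()
    for part in (v_c, v_s, i_c, i_s, k_s):
        h.update(ssh_string(part))
    for num in (e, f, k):
        h.update(ssh_mpint(num))
    return h.digest()

def run_kex(method="diffie-hellman-group15-sha256"):
    """Both sides of one exchange on constructed inputs; returns the client's (K, H)."""
    p = rfc3526_prime(int(method.split("-group")[1].split("-")[0]))
    v_c, v_s = b"SSH-2.0-example_client", b"SSH-2.0-example_server"  # constructed
    i_c, i_s = b"\x14" + b"C" * 16 + b"kexinit", b"\x14" + b"S" * 16 + b"kexinit"
    k_s = ssh_string(b"ssh-ed25519") + ssh_string(b"\x01" * 32)       # constructed blob
    client, server = DHParty(p), DHParty(p)
    e, f = client.pub, server.pub        # e travels in KEXDH_INIT, f in KEXDH_REPLY
    k_c, k_srv = client.shared_secret(f), server.shared_secret(e)
    h_c = exchange_hash(method, v_c, v_s, i_c, i_s, k_s, e, f, k_c)
    h_srv = exchange_hash(method, v_c, v_s, i_c, i_s, k_s, e, f, k_srv)
    if k_c != k_srv or h_c != h_srv:
        raise RuntimeError("client and server disagree on K or H")
    return k_c, h_c

if __name__ == "__main__":
    for gid in sorted(RFC3526_GROUPS):
        p = rfc3526_prime(gid)
        print(f"group{gid}: {p.bit_length()} bits, safe prime: {is_safe_prime(p)}")
    for method in ("diffie-hellman-group15-sha256", "diffie-hellman-group16-sha512"):
        print(method, "H =", run_kex(method)[1].hex())
```

Run as a script it prints the bit length and safe-prime verdict for groups
14 to 16 and the exchange hash for a group15/sha256 and a group16/sha512
exchange. Two points worth noticing: the prime's hex begins with the top
bits of pi (ffff...ffffc90fdaa22168c234...), which is what makes the RFC
3526 groups "nothing up my sleeve"; and the range check in shared_secret is
the receiver-side test an implementation needs, since a peer value of 0, 1
or p-1 would force K into {0, 1, p-1} regardless of the local exponent.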