Re: DH group exchange (Re: SSH key algorithm updates)

nisse@lysator.liu.se (Niels Möller ) Mon, 16 November 2015 05:06 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1BAD1B2C90 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sun, 15 Nov 2015 21:06:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.185
X-Spam-Level:
X-Spam-Status: No, score=-2.185 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RP_MATCHES_RCVD=-0.585] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gjTY7wDsrTmw for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sun, 15 Nov 2015 21:06:38 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:4f8:3:7::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 941441B2C8E for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Sun, 15 Nov 2015 21:06:38 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id B984814A1C6; Mon, 16 Nov 2015 05:06:37 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: by mail.netbsd.org (Postfix, from userid 1347) id 61CFC14A1BD; Mon, 16 Nov 2015 05:06:36 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id D198014A207 for <ietf-ssh@NetBSD.org>; Sun, 15 Nov 2015 07:16:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at NetBSD.org
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id wWRr8HNoryGA for <ietf-ssh@NetBSD.org>; Sun, 15 Nov 2015 07:16:27 +0000 (UTC)
Received: from mail.lysator.liu.se (mail.lysator.liu.se [130.236.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 0271814A201 for <ietf-ssh@NetBSD.org>; Sun, 15 Nov 2015 07:16:25 +0000 (UTC)
Received: from mail.lysator.liu.se (localhost [127.0.0.1]) by mail.lysator.liu.se (Postfix) with ESMTP id 4012B4007B; Sun, 15 Nov 2015 08:16:23 +0100 (CET)
Received: from armitage.lysator.liu.se (armitage.lysator.liu.se [IPv6:2001:6b0:17:f0a0::83]) by mail.lysator.liu.se (Postfix) with SMTP id 1367E40079; Sun, 15 Nov 2015 08:16:19 +0100 (CET)
Received: by armitage.lysator.liu.se (sSMTP sendmail emulation); Sun, 15 Nov 2015 08:16:19 +0100
From: nisse@lysator.liu.se
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: Damien Miller <djm@mindrot.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "jon@siliconcircus.com" <jon@siliconcircus.com>
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
References: <9A043F3CF02CD34C8E74AC1594475C73F4B5993D@uxcn10-5.UoA.auckland.ac.nz> <2096379125-720@skroderider.denisbider.com> <9A043F3CF02CD34C8E74AC1594475C73F4B599ED@uxcn10-5.UoA.auckland.ac.nz> <55190.1447001241@eng-mail01.juniper.net> <9A043F3CF02CD34C8E74AC1594475C73F4B5A9BC@uxcn10-5.UoA.auckland.ac.nz> <nnziyn2ft7.fsf@armitage.lysator.liu.se> <65113.1447107876@eng-mail01.juniper.net> <nn37we320r.fsf@armitage.lysator.liu.se> <alpine.BSO.2.20.1511101829460.8324@natsu.mindrot.org> <90378.1447145301@eng-mail01.juniper.net> <nnbnb11utb.fsf@armitage.lysator.liu.se> <41119.1447226323@eng-mail01.juniper.net> <nnfv0az4dl.fsf@armitage.lysator.liu.se> <67048.1447534953@eng-mail01.juniper.net>
Date: Sun, 15 Nov 2015 08:16:19 +0100
In-Reply-To: <67048.1447534953@eng-mail01.juniper.net> (Mark D. Baushke's message of "Sat, 14 Nov 2015 13:02:33 -0800")
Message-ID: <nnpozbybp8.fsf@armitage.lysator.liu.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

"Mark D. Baushke" <mdb@juniper.net> writes:

> For now, does it seem reasonable to add RFC 3526 group15 & group16 to
> the protocol?
>
>   diffie-hellman-group15-sha256 (3072-bit MODP group ~130 bits of security)
>   diffie-hellman-group16-sha256 (4096-bit MODP group ~150 bits of security)

I think it makes sense. It's good to have some specified algorithms with
security a bit beyond what's currently used, to make it easy to move
if/when needed attacks on the current algorithms emerge. 

Next question is what status they should have. I think it makes sense to
have group15 as RECOMMENDED.

(By the same argument, I think it makes sense to specify some
alternative to sha256 too, which I guess would be either sha512 or
sha3-384 (sha384 makes litte sense to me, since it's essentially a
truncated sha512, with same performance and shorter output)).

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.