Re: DH group exchange (Re: SSH key algorithm updates)

Jeffrey Hutzelman <jhutz@cmu.edu> Sat, 07 November 2015 09:29 UTC

Subject: Re: DH group exchange (Re: SSH key algorithm updates)
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: denis bider <ietf-ssh3@denisbider.com>
Cc: jhutz@cmu.edu, Niels Möller <nisse@lysator.liu.se>, "Mark D. Baushke" <mdb@juniper.net>, ietf-ssh@NetBSD.org, stephen.farrell@cs.tcd.ie, jon@siliconcircus.com
Date: Fri, 06 Nov 2015 22:50:37 -0500

On Sat, 2015-11-07 at 03:33 +0000, denis bider wrote:

> It is a fairly substantial problem that most dynamically generated
> groups aren't usable with our FIPS module.

What's broken about the groups that don't work?