Re: deaft-gree-sedsh-ecc-08: small correction
Damien Miller <djm@mindrot.org> Fri, 13 August 2010 06:49 UTC
To: "Igoe, Kevin M." <kmigoe@nsa.gov>, Douglas Stebila <douglas@stebila.ca>
cc: ietf-ssh@NetBSD.org
On Tue, 16 Jun 2009, Igoe, Kevin M. wrote:

> In the Introduction to draft-green-secsh-ecc-08 we find
>
>    In the interest of adding Suite B algorithms to SSH this document
>    adds three ECC Suite B algorithms to the Secure Shell arsenal:
>    Elliptic Curve Menezes-Qu-Vanstone (ECMQV), Elliptic Curve
>    Diffie-Hellman (ECDH), and Elliptic Curve Digital Signature Algorithm
>    (ECDSA), as well as utilizing the SHA2 family of secure hash
>    algorithms.
>
> Slight error here: ECMQV is no longer part of Suite B. For sake of
> correctness, I'd suggest something like the following:
>
>    In the interest of adding Suite B algorithms to SSH this document
>    adds two ECC Suite B algorithms to the Secure Shell arsenal:
>    Elliptic Curve Diffie-Hellman (ECDH), and Elliptic Curve Digital
>    Signature Algorithm (ECDSA), as well as utilizing the SHA2 family
>    of secure hash algorithms. Additionally, support is provided for
>    Elliptic Curve Menezes-Qu-Vanstone (ECMQV).

Why not drop ECMQV from the draft entirely? AFAIK it is patented, which is
enough to stop us (OpenSSH) from implementing it. I think new KEX methods
need a very good justification, since they represent a significant part of
the pre-auth attack surface.

Also on the -08 draft, shouldn't the client and server in ECDH reject
public keys from the peer that are points at infinity? Are there other
degenerate values to worry about?

-d
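The validation Damien asks about at the end of his message (rejecting the point at infinity and other degenerate peer values), as an added example that is not part of this thread, the draft, or any SSH implementation: the checks a receiver can run on the peer's nistp256 ECDH point before deriving the shared secret. It assumes the point is carried in an SSH "string" (uint32 length plus bytes) in the SEC1 uncompressed form 0x04 || X || Y, where the point at infinity encodes as the single byte 0x00; the curve constants are the standard NIST P-256 parameters, and the sample inputs are constructed.

```python
import struct

# Standard NIST P-256 domain parameters (constructed example, not SSH project code).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32


def ssh_string(buf: bytes) -> bytes:
    """Decode one SSH string (uint32 length + bytes); reject short or oversized buffers."""
    if len(buf) < 4:
        raise ValueError("reject: truncated SSH string")
    (n,) = struct.unpack(">I", buf[:4])
    if len(buf) != 4 + n:
        raise ValueError("reject: SSH string length mismatch")
    return buf[4:]


def validate_ecdh_point(octets: bytes) -> tuple[int, int]:
    """Return (x, y) if octets is a valid affine P-256 point, else raise."""
    # The point at infinity encodes as the single byte 0x00; compressed (0x02/0x03)
    # and hybrid forms are refused too, so only 0x04 || X || Y passes this gate.
    if len(octets) != 1 + 2 * COORD_LEN or octets[0] != 0x04:
        raise ValueError("reject: not an uncompressed 65-byte point")
    x = int.from_bytes(octets[1:1 + COORD_LEN], "big")
    y = int.from_bytes(octets[1 + COORD_LEN:], "big")
    if not (0 <= x < P and 0 <= y < P):
        raise ValueError("reject: coordinate is not a field element")
    # On-curve check: y^2 == x^3 + a*x + b (mod p). P-256 has cofactor 1, so any
    # non-infinity point on the curve already lies in the prime-order group.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise ValueError("reject: point not on curve")
    return x, y


def encode_point(x: int, y: int) -> bytes:
    """SEC1 uncompressed encoding, used here only to build constructed inputs."""
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


def peer_point_acceptable(kex_field: bytes) -> bool:
    """True iff the SSH-string-wrapped Q passes every check above."""
    try:
        validate_ecdh_point(ssh_string(kex_field))
        return True
    except ValueError:
        return False
```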