Re: New version of rsa-sha2-512 draft posted: no more DSA

denis bider <ietf-ssh3@denisbider.com> Sat, 07 November 2015 09:31 UTC

Date: Sat, 07 Nov 2015 02:22:14 +0000
Subject: Re: New version of rsa-sha2-512 draft posted: no more DSA
Message-ID: <1985908046-756@skroderider.denisbider.com>
From: denis bider <ietf-ssh3@denisbider.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: ietf-ssh@netbsd.org

Apologies for my ignorance about the embedded situation. That's interesting to know.

I was wondering how much SSH there is on embedded devices. I'm glad to hear you have that covered. :-)

I understand SHA-2 512 won't fit into P-256. It does fit into RSA, though, and I was figuring it would not be a problem for applications to support both hash types.

No problem if it's impractical, though. I appreciate the information!

I'll prepare new stuff hopefully tomorrow.


----- Original Message -----
From: Peter Gutmann 
Sent: Friday, November 6, 2015 18:51
To: denis bider 
Cc: ietf-ssh@netbsd.org 
Subject: RE: New version of rsa-sha2-512 draft posted: no more DSA

denis bider <ietf-ssh3@denisbider.com> writes:

>From my perspective, SHA-2 512 seems like the clear winner in the RSA
>situation, due to 64-bit CPUs being destined for ubiquity (already ubiquitous
>on desktops, a few years away on mobile), 

... and decades away on embedded.  Most of my users are running SSH on
embedded platforms, for which the presence of 64-bit is close to zero, and no
plan to move to that.  I probably have more SSH running on 16-bit embedded
than 64-bit embedded.

>why not have a larger hash output at no additional cost (it's embedded in the
>signature, anyway).

Not if you're using P-256 rather than RSA.  Only SHA-256 will work with P-256
which (again from the Mozilla discussion) is the most widely-used parameter
set, with P-521 (needed for -512) being barely used:

  lots of products can (and, it seems, are planning to, or already are)
  omitting support for P-521.
    (Comment from https://mozillians.org/en-US/u/briansmith/)

(You can truncate -512 to make it work with P-256, but I wouldn't want to take
any bets on how well-supported that will be in practice).

>However, if there are platforms where availability is a problem, then okay,
>let's have both versions. I'll update the draft to re-add rsa-sha2-256, and
>make that recommended, and -512 optional.

Thanks!

Peter.
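Added example, not code from this thread or from either author: the RFC 8332 signature encoding (string algorithm name, string signature blob), the digest each name implies, and the FIPS 186-4 leftmost-bits truncation that lets a SHA-512 digest be used with P-256 as Peter mentions. Algorithm names are those from RFC 8332 and RFC 5656; the message bytes in the test are constructed.

```python
"""Hash selection and signature-blob framing for SSH public-key algorithms."""
import hashlib
import struct

# RFC 8332: rsa-sha2-* is PKCS#1 v1.5 over the named hash; ssh-rsa stays on SHA-1.
RSA_ALGS = {"ssh-rsa": "sha1", "rsa-sha2-256": "sha256", "rsa-sha2-512": "sha512"}
# RFC 5656 ECDSA names -> (digest, bit length of the curve order n).
ECDSA_ALGS = {"ecdsa-sha2-nistp256": ("sha256", 256),
              "ecdsa-sha2-nistp384": ("sha384", 384),
              "ecdsa-sha2-nistp521": ("sha512", 521)}


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length prefix, then the bytes."""
    return struct.pack(">I", len(b)) + b


def encode_signature(alg: str, blob: bytes) -> bytes:
    """RFC 8332 section 3 wire form: string algorithm-name || string blob."""
    if alg not in RSA_ALGS and alg not in ECDSA_ALGS:
        raise ValueError("unknown signature algorithm: %s" % alg)
    return ssh_string(alg.encode("ascii")) + ssh_string(blob)


def decode_signature(data: bytes):
    """Inverse of encode_signature; rejects truncated or over-long input."""
    (alg_len,) = struct.unpack(">I", data[:4])
    alg = data[4:4 + alg_len].decode("ascii")
    off = 4 + alg_len
    (blob_len,) = struct.unpack(">I", data[off:off + 4])
    blob = data[off + 4:off + 4 + blob_len]
    if off + 4 + blob_len != len(data) or len(blob) != blob_len:
        raise ValueError("malformed signature encoding")
    return alg, blob


def rsa_digest(alg: str, message: bytes) -> bytes:
    """Digest an RSA signature over `message` would be computed on."""
    return hashlib.new(RSA_ALGS[alg], message).digest()


def ecdsa_hash_input(digest: bytes, n_bits: int) -> int:
    """FIPS 186-4 section 6.4: e is the leftmost min(len(H), len(n)) bits of H.

    SHA-512 with P-256 keeps the top 256 bits; with P-521 (521-bit n) the
    512-bit digest is used whole, which is why -512 pairs naturally with P-521.
    """
    e = int.from_bytes(digest, "big")
    extra = len(digest) * 8 - n_bits
    return e >> extra if extra > 0 else e
```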