Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

denis bider <ietf-ssh3@denisbider.com> Sun, 14 February 2016 08:09 UTC

Date: Fri, 12 Feb 2016 16:11:44 +0000
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Message-ID: <130305716-2760@skroderider.denisbider.com>
From: denis bider <ietf-ssh3@denisbider.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Mark D. Baushke" <mdb@juniper.net>
Cc: ietf-ssh@NetBSD.org

Because we have customers who are the opposite of what you describe. Some of ours are large institutions that come to us with a list of algorithms they deem acceptable, and it's stricter than what we implement. Some are government organizations that have to follow what NIST says. If NSA announced yesterday that the minimum secure hash is now SHA-384, it's not unlikely that within a few years we'll have people coming to us, asking how to disable lesser algorithms.

With regard to NOT RECOMMENDED, that sounds to me as heavy as SHOULD NOT. I can't fathom that people would read "NOT RECOMMENDED" and interpret it as if it said "sure, what the heck". It seems to me a stern disrecommendation.

That being said, SHOULD NOT is also in RFC 2119, and is a synonym. If you think "SHOULD NOT be used" would work better, I'm not opposed.


----- Original Message -----
From: Peter Gutmann
Sent: Friday, February 12, 2016 07:52
To: denis bider; Mark D. Baushke
Cc: ietf-ssh@NetBSD.org
Subject: RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

denis bider <ietf-ssh3@denisbider.com> writes:

>If we settle on SHA-256, we run the risk of having to introduce SHA-512
>versions a year or two later.

Why would we need to do that?

Peter.