IETF Logo Mail Archive

draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2

"Mark D. Baushke" <mdb@juniper.net> Tue, 13 September 2016 00:58 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54B0C12B04A for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 12 Sep 2016 17:58:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.708
X-Spam-Level:
X-Spam-Status: No, score=-5.708 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.508, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xT9zjSEnkEA6 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 12 Sep 2016 17:58:04 -0700 (PDT)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A38C12B03F for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Mon, 12 Sep 2016 17:58:04 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id AFB3285ED2; Tue, 13 Sep 2016 00:58:02 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id D440685EB0 for <ietf-ssh@NetBSD.org>; Tue, 13 Sep 2016 00:57:58 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id SXn0G-TK9a1T for <ietf-ssh@netbsd.org>; Tue, 13 Sep 2016 00:57:58 +0000 (UTC)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0723.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe48::723]) by mail.netbsd.org (Postfix) with ESMTP id E7E8F84CED for <ietf-ssh@NetBSD.org>; Tue, 13 Sep 2016 00:57:56 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=B1xAwguZUkXKsuIJbSN5HmhOrDmRufgt8vEnjXfDxKA=; b=fqPbM49lOU+jD8jTcr0mkdFcq0DUKuqfk0KKmoszHJuHpUftT0u5mRwi+NYEZKosDpTt2Z5PGPRWVzh7KJkM7NqjPf7USyviUvcbFZyLGRa2myonq51wTyaj3AgFjnfMgsNYLNLrjkY8MqwhRe8JMqSykPRomN3bPjkTajqQ+ks=
Received: from SN1PR0501CA0033.namprd05.prod.outlook.com (10.163.126.171) by SN2PR0501MB991.namprd05.prod.outlook.com (10.160.17.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.609.3; Mon, 12 Sep 2016 04:09:15 +0000
Received: from BY2FFO11FD005.protection.gbl (2a01:111:f400:7c0c::134) by SN1PR0501CA0033.outlook.office365.com (2a01:111:e400:52fe::43) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.629.6 via Frontend Transport; Mon, 12 Sep 2016 04:09:15 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BY2FFO11FD005.mail.protection.outlook.com (10.1.14.126) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.619.6 via Frontend Transport; Mon, 12 Sep 2016 04:09:15 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Sun, 11 Sep 2016 21:09:15 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id u8C49ETu009706; Sun, 11 Sep 2016 21:09:14 -0700 (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id F405C1141B; Sun, 11 Sep 2016 21:09:12 -0700 (PDT)
To: Curdle <curdle@ietf.org>
CC: IETF SSH <ietf-ssh@NetBSD.org>
From: "Mark D. Baushke" <mdb@juniper.net>
Subject: draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2
Date: Sun, 11 Sep 2016 21:09:12 -0700
Message-ID: <41049.1473653352@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.18; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(7916002)(2980300002)(199003)(189002)(9170700003)(626004)(8936002)(86362001)(19580395003)(15975445007)(586003)(92566002)(54356999)(7126002)(77096005)(50466002)(50986999)(230783001)(81166006)(5660300001)(356003)(2906002)(106466001)(7696004)(2810700001)(4326007)(76506005)(117636001)(229853001)(48376002)(305945005)(189998001)(5003940100001)(47776003)(11100500001)(53416004)(87936001)(105596002)(4001520100001)(110136002)(8676002)(5001760100003)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN2PR0501MB991; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BY2FFO11FD005; 1:+KoJT0Of18VtveoNQXAYaPnrB6j+Zt7kFM1nPN23ZmI02SNlDHKMoI/9j95MOR6hpbXpN7pdqbBRNEyLFuQn95CppQEWMfnOo1KQuHyul2vbQR4PNObTXeScz5auzpzrefkKQ/KeYxUsoIg/5uts2hXWZB9iuSXk1pflZDXeqJSr0cQwfO1QcVPI+PHVlEhJoZEuC+RONOozV+ysUuztb9nnifZhTH19viGZ5FmXP46I9kByzI2Z30KBiJ2hvNbb1BKR+qkiGyX0LmdNOxyMEoQG65eT7FZ1W/CsEkMZlWoFxEWypcGaY3tNUq6iv1KIPbuWCaXbihXMy4ypmSr+9w+RWdwF42XJw5sc6CqmzzfUG9e5UFG3SllMyJCcs0aBGjbKmyh2/SFM3Y/nQ+NV7uoOlz4F+VNGs2b5auNq7N0h7YlrjOdDsldl9J9WenfS8J28Zt7sNUmao3jSfZJu2fCLAQsjTCfgxC3GMfuCh1B76bxb1rSGt/lSQAybGY5gTJLbPu3egbc0NqxG/aZwBS6kIGvfYL3HKzy8GLgd5+s=
X-MS-Office365-Filtering-Correlation-Id: 70968944-9e68-4965-ad2e-08d3dac28f8f
X-Microsoft-Exchange-Diagnostics: 1; SN2PR0501MB991; 2:ABjRQdT59axHFFaOQX/aqfH3+7XS7Oin22vl8i76WgCLLPiJCJq+xzgHGCSmkOk/rc9mvhBG+PmPmzlV0rPtgF9oE5QzzNGKFVqxCx4b/zanl04VbMtw7GnxYxDzHD0Dx7M9e8KX4KlpguIXupaNW66g1ulBbXzDfpGfyjgJzLW6kVrsfU2HAyUDjfWJR6DT; 3:EJOseA2EctiBkGOGlPSyMi+A6xVJU2VUjjpiWWAw+WX1kIFRpbBmTdQL+teTvlSoci9iPXXN+0CyIk/PywJtGzNKdppNhsf4dx9y73IOYBQ3ZusOeMWiX6Y4uBhSasKAlQAwLQKIo153QoTvMlfOLZsaU8ZOi4QxPnHJLQciADj04I/5lTgVY7gT6d9hU5xM6VSzcwMFT+GNXSewGTeJoAZWIMVdsdR9UQFPriCM/zk=
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN2PR0501MB991;
X-Microsoft-Exchange-Diagnostics: 1; SN2PR0501MB991; 25:7HeRZ+AkO67r1bHzu8JG6Wkkg+6sug6omsnjKc/jNN6C9yMB4kKQtAXx6SnQs2sEQnONc6mZV0ED2UNGH/SD0kywiW0HyalVsJ6SIV0VZZ7LAeDP/d4P8pHJXWOz7dP3Mhz7ArNnRPkPqx7nNhqUWfu1SpL13Z2Sj/ZhiOETQhg4AuGACQmRuXezOhhBue+p6SK8YrKv6ZQeNUk5OxzN4MvoQswJCIMkHrdy0uAoEn2CH0haK0judbSg2JrkjNFNozAB9/ImTcDFChqfsx+AE0rFXoAJK6NeqYXdK/hNwjYVbIMIyrkMYvrfglWR8QS7EovJDGgfgUumx+h2Bo8qbd0X6tBlS2PnchHk1ifESBoCSKYkyyYZNf8sQDUdD9pbGkiVKewaMhfU5UkspLoAX+1lfKxon3umG8cwEWIN/uJ5U5efeanumJvDqKrQ2p3XbB4O3OjMzFqmPvWY+T9NFH8PFBcUAjgpg34JojuxsOWMHIDL6RGe++K6aJWqS9YnQJ8CGK0lMyZhCc7DLASUT+HtxWQ1g5EGpgGkuefgfRoGsDq5ltJEB7zEanPJmr6ppaiarApu2CKpL9+Z8040IiixQrpxIFK+i/lNt2oc7dI4Y9aNTGCTfIpGzk+nYO6yuBJ/X5BN0qjBMj31cRfgQE+uVOWtTyyHtJsnGxrMfOZMJkjaki98gHKfznwvxhW4Pt8IQnmzlwTparZR1LIrM6QPLYl2F+EwB3ln5Kq3UhlkEXlES37STIoYwxt69rhISNhnBA8d46erKDghRecIxPj8rFrNgiWQBmh7vA4ajJzzXEgkYDORdf+j8IgHJu7qPK1BY5FKpzj/CMkrT1MvWPPvvByPB4Zs617jZg+sjxk=
X-Microsoft-Exchange-Diagnostics: 1; SN2PR0501MB991; 31:BqSiZgZzJNgOFUUei4GiKMivqn++vQy4F45cwvVr/Mzb1c/Vt+T0FmBVuM+cvgxZrr+0uyai50wSW3KmkIUc8U4yEVIe2CAQQutF+jT6Bt8fnGluu9uWUUJGepU5mgVqKl9gPhzG3gE9tKWIu/Lcc/PtGN4PdcChpHcuf6pTqeyoeN04sCLEGj8z+ETgn2xqjDvF+CRXVAquT0MdTwkyDX1JJyHV8lOS71cAlKgtpmw=; 20:3JupKz19ez6h2OYHv+PoQd2iPAfk3kD1R8+dxG9cHIyOnBCaFvqT2vdItlA+ZkWglDzZlr9OzhQg61BEwa0M+ZYYxzk0DissRBpsOqPhdUtCK/Ualdy+VCANZo7eV30fP3IAe359v3lvt24Z1eSkp1FMXwFeeN/W2ufVR1o+PEXlNtA6MIZmg38fveoAaRSVVWW9+0l82X1jc1gpSU5A3sioLx8XfnaweXhMQymDGBB4tXqpA4p7vIBlbyoCl8DUtSdotRpesjx3PocPlNcy2VhbDVASFO2RY04AetMaVcEJbZBQY5jSSd18ZWGIQYIw0Ru0JgdiN4ukeEEMxD3XtERVn7GX8rz28JXDyhgdJCMtsCwrFhRzJtwYwp84PWfn4fz2U8PoZYhF6Ejjgzqttil8w//+Aa9mbd/AqT3a83V3ADrw/oh1LJuphwO3Rbns8HQY9axAO67bosfv2salyTGljwdx5VQu4Jsym0vDckdmu2HqnRv0GMnCJgk6OOCR
X-Microsoft-Antispam-PRVS: <SN2PR0501MB991B7A2347BF07B02692930BFFF0@SN2PR0501MB991.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(13015025)(13017025)(13023025)(13024025)(13018025)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:SN2PR0501MB991; BCL:0; PCL:0; RULEID:; SRVR:SN2PR0501MB991;
X-Microsoft-Exchange-Diagnostics: 1; SN2PR0501MB991; 4:fiWVjpRw5GtQHipdtS+p8a0xjbMn27u9yrTC1g6OppJQIoS6DxYr65eipXThUef6fY+km1PzQoQCZoOD/jlztz15HeKtDsUUzfOGR2gEXXlfpie80BVOoM9PjpwmqMkLk/3wO5mOVRE5Cm2EUIl06JKr8erHo3QMwg3xbzIwCCBv6Bb83L1aBKgMjf+KsCspM6apTY0LWIif9Snd9rqtO2Ce+4HYz1YwU3TO3PG8Ale/7mX/6l9+ekQxMNUzfkXGOQr601RzjTSEeSiPI8Bhv8AVrDsizrSu6aaWbVBK2QsBckg0eeKJJ+O9DJkyVxPtz0u0CSVzSLuYPDuq4ZFLoRgeC1PLvVPkfEaTq8YGgEgenUFX90F0IGBsMOdv6eQ0OJzPXePxKIiTBTuh9vPCBPQk1iFs3XRNgzXXouqCYqlq/QFdVqrv8JhLdKfjkNaJ0ecehJNkpZBFNaF4F1YYoVy8ziv8ZmsEQAbEb0LbF8E/IVwr4upLhXYVWjyLd3Vn
X-Forefront-PRVS: 006339698F
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; SN2PR0501MB991; 23:uzqEZ/8eSdCzOc/7uaEPj2/y+/13sCGZ7rTzkZII?= =?us-ascii?Q?frHbv08ez/u4vb9ywihFDOqr6BGTULDB6IKd1AF/v+iUazvCv+QDAqqQz8jx?= =?us-ascii?Q?w5MYdcljm3GiM7WdPyuMvTZvbpYidM2xU6Q2OdhdC1hL4QvsxtBPD0SlAYIX?= =?us-ascii?Q?Yg7+J4wMzuzudXN23Sy/95RffNuOBJhw+/B+Je8S1BYNH1mR7CEbheT43gDq?= =?us-ascii?Q?mFGNV2JFQnAedRG2piAHCss5Vo+JmBsPJDuuIo07V1YFANt3gJ7u2gGyaUco?= =?us-ascii?Q?Z7xMbF1SZHBjsaJ0PjpSHYHIoezxhQ27EDSfw0YqFo2mHCorTA8B11BDRY8L?= =?us-ascii?Q?apzL3t1DH0Eh408f3iD5CeDHlDBx4nk6friPzJ8vs9552NPURRX2bXvX2kHD?= =?us-ascii?Q?ftc3PMyUOMdQObxGfmlZKdpF6sxIwS6rxyOD6zr0L+VtYw0stGpqQ68wJ0nf?= =?us-ascii?Q?3s9+wl21+NqVee3qZ6hsm8WAlp7QDGET9byryt7q2GE1j/XEMlMe3sQYrdPh?= =?us-ascii?Q?pHEVSmVnD1Vn0Ibjq0VoU01WjGPpntbocVhdFkgReDn4NTldCXcPpyxbBK2Q?= =?us-ascii?Q?hbDgpGvkI135dRfdlzorB0OFlGMLl41K/UtEc367ar1smAlIO6Z9ZCYJLMFj?= =?us-ascii?Q?VOeEUpuw1h/Fu7sOjT0QmmfgS7NDcrmU4vGCT65WaqDqwVI6+q9kAZyQajiw?= =?us-ascii?Q?KV9sYtrWQ2CuToPQcToydNbSv3HqFZ5ETLyPJrDtkt2nd0Y72RMQaGW+9H0q?= =?us-ascii?Q?TD/eEcUPPpsn0VQvHcP+a6mI9A+1JY4/KZzAzchB06e00+Pyk7GQ+MxRBqRk?= =?us-ascii?Q?syW707no9j6Fe8jP6UYL3c3X+/mJt7hhBtK7He1IvghYajmZhwbLF2f1633k?= =?us-ascii?Q?QLjSb7izn/nND0CRo9jXT4DmqRI8AwyFa+0URH6lOrdbJIueBI2tAhlQfmUL?= =?us-ascii?Q?M6JSMmMbSJFI2e/d076fBWXp+AsvujEOIIElmF301KwrJo+yuMCkAWDSODsj?= =?us-ascii?Q?Zf/dqyWXGXYjYnkIiTzLcuKij1W0cYF0pqnXWhbHxcxRHMXMWqLu+2ZtpRr/?= =?us-ascii?Q?gdnSjtachyLjCooQO5U9+pCB0XYlAsQRbm4R3BFL08df9pAW+Q=3D=3D?=
X-Microsoft-Exchange-Diagnostics: 1; SN2PR0501MB991; 6:NloFtWRHpIvVoGtOmlyVlXfr+Ct1sLNbG1PGiskOUpBT/zxeFZuoZISh09TsBNHKxn78mYrLo0Ogmvd860iUpVk5qZxgfL6TGDsNVyXIO8RSIjatIN/3Ly5CJMzyz7MJthMK64lU2aRBj8tyI/el69tp8H0h10Gbbr+9F+7AK8xGkS31620WHx1Wq7byOVIaM6Nk52IQf9Wkhv+ozEgj99GodJLX/0Q4gFSQ98tByoaROX0ClTHjtON5xW0pNgugawqxru4Yjntqbpg0Ygs5XN3xVHL+aUGoK+Fu00PjqQWpvSc8e8ihfVvH2qgERcE38aeN01MaGj/TWzVKAXgGlQ==; 5:wCVHWBae8UNUbL/fqOqQqUn5QXN0i1OivrjkHKiaoROgv2091Yvw796aDy3GRU/gGnbAVebmrgdVQDMcr2yV27NPA2S044/d77Egt/ZOnjJaBUefJIiTb6rW/Pr3Z2SFW8dTEdOFPD4iuMpwSIty/Q==; 24:cIzgMESz8V8jgS/qnvuMG6d3yoTW4yGNmfouRI7ElLXitDTYmDsPpQj0ehqjoCgPk9O3w6YI5oZjCjASWDUO2I2sR/ItsTyeCGl892tVDv0=; 7:j7DLxUTcT/eyIt7/t3Wn6Oa83WTQ1rZYog/UhUri6KFxmyfXbmSp1BijdU0NbU6cLgr1wuUOSTJYI7seu0gGfmgZI4zlksqrTeEgdWjZZR//bYZpNr+6LioYMrb1ybznHBtPQg/o+ppfVZR43fikWcNXjOBNTQ2kstzrkYMuUduApAY6RiDzkG3sQv5hq1WoerAGqVwtiJOrc1RaN8T0yQzZAPMvorVMHT1fL1HoeWoOFrBCfYK+3SGOuFe6tsyQ
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Sep 2016 04:09:15.4100 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN2PR0501MB991
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

I have split out a new draft draft-ietf-curdle-ssh-modp-dh-sha2 [1]
(called "new-modp" in the Reference table below) forked from the
draft-ietf-curdle-ssh-kex-sha2-04 draft. It specifies the new MOD DH KEX
Groups that use SHA-2 hashes. This edition specifies both the new
diffie-hellman-group* names of the -04 revision as well as adding the
gss-group* names.

Before I update draft-ietf-curdle-ssh-kex-sha2-05 to point to it, I
would like to take a straw poll of which algorithms (if any) should be
defined as a MUST to implement. My personal preference was just
curve25519-sha256. However, at least a few implementors have said that
they were not planning to do any ECDH implementations. So, I am guessing
that "diffie-hellman-group14-sha256" may be the only one that everyone
might be able to agree is a MUST to implement.

Key Exchange Method Name              Reference     Note
curve25519-sha256                     ssh-curves    MUST
curve448-sha512                       ssh-curves    MAY
diffie-hellman-group-exchange-sha1    RFC4419       SHOULD NOT
diffie-hellman-group-exchange-sha256  RFC4419       MAY
diffie-hellman-group1-sha1            RFC4253       SHOULD NOT
diffie-hellman-group14-sha1           RFC4253       SHOULD
diffie-hellman-group14-sha256         new-modp      MUST
diffie-hellman-group15-sha512         new-modp      MAY
diffie-hellman-group16-sha512         new-modp      SHOULD
diffie-hellman-group17-sha512         new-modp      MAY
diffie-hellman-group18-sha512         new-modp      MAY
ecdh-sha2-nistp256                    RFC5656       SHOULD
ecdh-sha2-nistp384                    RFC5656       SHOULD
ecdh-sha2-nistp521                    RFC5656       SHOULD
ecdh-sha2-*                           RFC5656       MAY
ecmqv-sha2                            RFC5656       MAY
gss-gex-sha1-*                        RFC4462       SHOULD NOT
gss-group1-sha1-*                     RFC4462       SHOULD NOT
gss-group14-sha1-*                    RFC4462       SHOULD
gss-group14-sha256-*                  new-modp      SHOULD
gss-group15-sha512-*                  new-modp      MAY
gss-group16-sha512-*                  new-modp      SHOULD
gss-group17-sha512-*                  new-modp      MAY
gss-group18-sha512-*                  new-modp      MAY
gss-*                                 RFC4462       MAY
rsa1024-sha1                          RFC4432       SHOULD NOT
rsa2048-sha256                        RFC4432       MAY

I plan to post the above table in the new
draft-ietf-curdle-ssh-kex-sha2-05 draft
after 05:00 UTC on 12 September 2016.

Of course, everyone can still lobby for changes with the Curdle group, I
just don't want to generate a huge number of revisions if possible.

	Thank you,
	-- Mark

URL: [1] https://tools.ietf.org/html/draft-ietf-curdle-ssh-modp-dh-sha2-00

v2.8.7 | Report a Bug | By Email