RE: deaft-gree-sedsh-ecc-08: small correction

"Igoe, Kevin M." <kmigoe@nsa.gov> Fri, 13 August 2010 14:06 UTC

Subject: RE: deaft-gree-sedsh-ecc-08: small correction
Date: Fri, 13 Aug 2010 09:05:45 -0400
Message-ID: <80F9AC969A517A4DA0DE3E7CF74CC1BB034A7D@MSIS-GH1-UEA06.corp.nsa.gov>
In-reply-to: <alpine.BSO.2.00.1008131523540.29473@fuyu.mindrot.org>
References: <80F9AC969A517A4DA0DE3E7CF74CC1BB034955@MSIS-GH1-UEA06.corp.nsa.gov> <alpine.BSO.2.00.1008131523540.29473@fuyu.mindrot.org>
From: "Igoe, Kevin M." <kmigoe@nsa.gov>
To: Damien Miller <djm@mindrot.org>, Douglas Stebila <douglas@stebila.ca>
Cc: ietf-ssh@NetBSD.org

You are correct, MQV was thrown out of Suite B some time ago
and we should rephrase this statement to reflect that.  I
view leaving MQV in this draft as harmless.  Yes, currently
there are Intellectual Property issues involving MQV, but that
may well change in the future.

As to checking for the point at infinity in ECDH, I'd
rather have that issue addressed in a document that is
clearly directed at ECDH rather than having it hidden 
in a document that only peripherally touches ECDH.
I'll be putting out a "Suite B for Secure Shell" document
in the near future and plan to cover such issues in there.


> -----Original Message-----
> From: ietf-ssh-owner@NetBSD.org [mailto:ietf-ssh-owner@NetBSD.org] On
> Behalf Of Damien Miller
> Sent: Friday, August 13, 2010 1:30 AM
> To: Igoe, Kevin M.; Douglas Stebila
> Cc: ietf-ssh@NetBSD.org
> Subject: Re: deaft-gree-sedsh-ecc-08: small correction
> 
> On Tue, 16 Jun 2009, Igoe, Kevin M. wrote:
> 
> > In the Introduction to draft-green-secsh-ecc-08 we find
> >
> >    In the interest of adding Suite B algorithms to SSH this document
> >    adds three ECC Suite B algorithms to the Secure Shell arsenal:
> >    Elliptic Curve Menezes-Qu-Vanstone (ECMQV), Elliptic Curve Diffie-
> >    Hellman (ECDH), and Elliptic Curve Digital Signature Algorithm
> >    (ECDSA), as well as utilizing the SHA2 family of secure hash
> >    algorithms.
> > Slight error here: ECMQV is no longer part of Suite B.  For sake of
> > correctness, I'd suggest something like the following:
> >
> >    In the interest of adding Suite B algorithms to SSH this document
> >    adds two ECC Suite B algorithms to the Secure Shell arsenal:
> >    Elliptic Curve Diffie-Hellman (ECDH), and Elliptic Curve Digital
> >    Signature Algorithm (ECDSA), as well as utilizing the SHA2 family
> >    of secure hash algorithms. Additionally, support is provided for
> >    Elliptic Curve Menezes-Qu-Vanstone (ECMQV).
> 
> Why not drop ECMQV from the draft entirely? AFAIK it is patented,
> which is enough to stop us (OpenSSH) from implementing it. I think
> new KEX methods need a very good justification, since they represent
> a significant part of the pre-auth attack surface.
> 
> Also on the -08 draft, shouldn't the client and server in ECDH reject
> public keys from the peer that are points at infinity? Are there
> other degenerate values to worry about?
> 
> -d
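The degenerate-value check Damien asks about above is the receiver-side validation of the peer's ephemeral ECDH public key. The following is an added example, not code from the draft, from OpenSSH or from either author; it assumes the nistp256 curve with the standard P-256 domain parameters and accepts only the SEC1 uncompressed point encoding (an assumption, chosen to keep the parser short).

```python
# P-256 (secp256r1) domain parameters, used by the SSH ecdh-sha2-nistp256 method.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPeerKey(ValueError):
    """Raised when the peer's ECDH public key must be rejected."""


def validate_p256_point(encoded: bytes) -> tuple:
    """Parse a SEC1-encoded peer point and return (x, y), or raise InvalidPeerKey."""
    # SEC1 encodes the point at infinity as the single byte 0x00: reject it outright,
    # since a shared secret derived from it would be independent of our private key.
    if encoded == b"\x00":
        raise InvalidPeerKey("point at infinity")
    # Only the uncompressed form 0x04 || X || Y (65 bytes for P-256) is accepted here.
    if len(encoded) != 65 or encoded[0] != 0x04:
        raise InvalidPeerKey("not an uncompressed P-256 point")
    x = int.from_bytes(encoded[1:33], "big")
    y = int.from_bytes(encoded[33:65], "big")
    # Both coordinates must be field elements in [0, p-1].
    if not (0 <= x < P and 0 <= y < P):
        raise InvalidPeerKey("coordinate out of range")
    # The point must satisfy y^2 = x^3 + ax + b (mod p); this rejects invalid-curve
    # points.  P-256 has cofactor 1, so any affine point on the curve already lies in
    # the prime-order subgroup and no separate n*Q = O check is needed.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPeerKey("point not on curve")
    return x, y


def is_valid_p256_point(encoded: bytes) -> bool:
    """Boolean wrapper around validate_p256_point for callers that only need accept/reject."""
    try:
        validate_p256_point(encoded)
        return True
    except InvalidPeerKey:
        return False


# Constructed sample inputs: the generator G (valid) and three values that must be rejected.
G_UNCOMPRESSED = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
INFINITY = b"\x00"
OFF_CURVE = b"\x04" + GX.to_bytes(32, "big") + (GY ^ 1).to_bytes(32, "big")
OUT_OF_RANGE = b"\x04" + P.to_bytes(32, "big") + GY.to_bytes(32, "big")

if __name__ == "__main__":
    for label, q in [("G", G_UNCOMPRESSED), ("infinity", INFINITY),
                     ("off-curve", OFF_CURVE), ("x >= p", OUT_OF_RANGE)]:
        print(f"{label:10s} accepted={is_valid_p256_point(q)}")
```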