Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

"Mark D. Baushke" <mdb@juniper.net> Mon, 15 February 2016 09:36 UTC

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
To: Damien Miller <djm@mindrot.org>
CC: denis bider <ietf-ssh3@denisbider.com>, Niels Möller <nisse@lysator.liu.se>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Simon Josefsson <simon@josefsson.org>, ietf-ssh@netbsd.org
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
In-Reply-To: <alpine.BSO.2.20.1602151851550.4613@natsu.mindrot.org>
References: <223360780-3264@skroderider.denisbider.com> <86136.1455402404@eng-mail01.juniper.net> <alpine.BSO.2.20.1602151851550.4613@natsu.mindrot.org>
Comments: In-reply-to: Damien Miller <djm@mindrot.org> message dated "Mon, 15 Feb 2016 19:00:54 +1100."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Mon, 15 Feb 2016 01:36:15 -0800
Message-ID: <35014.1455528975@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Feb 2016 09:36:32.6167 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR05MB112
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Damien Miller <djm@mindrot.org> writes:

> On Sat, 13 Feb 2016, Mark D. Baushke wrote:
> 
> > https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2/
>
> IMO curve25519-sha256 should be a MUST, if not immediately then soon.
> It's already supported under the curve25519-sha256@libssh.org alias by
> a few implementations.

Good point. I have moved curve25519-sha256 to MUST.

> This paragraph:
> 
> >  The group15, group16, group17, and group18 names are the same as
> >  those specified in [RFC3526] as 3072-bit MODP Group 14, 4096-bit MODP
> >  Group 15, 6144-bit MODP Group 17, and 8192-bit MODP Group 18.
> 
> is incorrect: group 14 is 2048 bits, not 3072. Group 15 is 3072 bits,
> not 4096. Group 16's length is not described (4096 bits). 17 and 18 are
> correct.

Thank you for reporting this. I have updated the text in my copy and
removed group15 and group17 from the list.

I have submitted the new edition to 
https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2/
it should propagate shortly.

> I think the table of "Group modulus security strength estimates" should
> have a reference - are these from NIST SP800-57?

Actually, I do mention that I got the information from RFC3526,
but I will make that more explicit and also point to RFC3766
for making the security strength calculation in person.

	Thank you,
	-- Mark

draft-baushke-ssh-dh-group-sha2-01 (was Re: DH gr… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Stephen Farrell
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… IWAMOTO Kouichi
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Simon Josefsson