RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 14 February 2016 08:36 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: denis bider <ietf-ssh3@denisbider.com>, "Mark D. Baushke" <mdb@juniper.net>
CC: Niels Möller <nisse@lysator.liu.se>, Simon Josefsson <simon@josefsson.org>, "ietf-ssh@netbsd.org" <ietf-ssh@netbsd.org>
Subject: RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Thread-Topic: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Date: Sun, 14 Feb 2016 08:36:00 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4BF1342@uxcn10-5.UoA.auckland.ac.nz>
References: <219217362-2196@skroderider.denisbider.com>
In-Reply-To: <219217362-2196@skroderider.denisbider.com>
denis bider <ietf-ssh3@denisbider.com> writes:

>It seems to me we don't have reason enough to be that aggressive. If someone
>asks why SHA-1 is not currently secure for key exchange, we can't point to a
>document saying "here's how to break diffie-hellman-group14-sha1".

We can however point to mass-market, mainstream products, and mainstream
industry groups (e.g. the CAB Forum), that have banned SHA-1 outright:

  Effective 1 January 2016, CAs MUST NOT issue any new Subscriber
  certificates or Subordinate CA certificates using the SHA-1 hash
  algorithm.

Go to a site using SHA-1 right now with Chrome or Firefox and you'll get an
indicator that the connection is untrusted, i.e. it'll be treated worse than
if it wasn't encrypted at all (which is pretty stoopid, but that's a different
issue). MSIE will also start doing this in a couple of months, if they don't
move the date up yet again.

For crypto as most people experience it, use of SHA-1 will be flagged as
insecure, or (for CA use) banned outright. So we have a pretty good precedent
for warning about SHA-1:

  In line with widespread industry practice that deprecates SHA-1 as
  insecure from January 2016, the SHA-1 [algorithm] SHOULD NOT be used. If
  it is used, it should only be provided for backwards compatibility[,]
  should not be used in new designs[,] and should be phased out of existing
  key exchanges as quickly as possible. Since SHA-1 is being actively
  phased out, anyone continuing to use it should expect increasing problems
  in its use, for example public CAs will no longer issue certificates
  using SHA-1.

I think that's a fair warning to people of what's in store for SHA-1, so
no-one can say they weren't warned.

Peter.
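The message above argues that SHA-1 key exchange methods such as diffie-hellman-group14-sha1 should be kept only for backwards compatibility and phased out of existing key exchanges. A practitioner wanting to check whether a deployment still depends on them needs to look at what each side actually offers in SSH_MSG_KEXINIT and what gets negotiated. The following is an added example, not code from the mailing-list post, the draft, or any SSH implementation: it parses the name-lists of a KEXINIT payload per RFC 4253 section 7.1, applies the simplified negotiation rule (first kex method on the client's list that the server also lists, ignoring the host-key capability conditions), and reports which offered and negotiated methods hash with SHA-1. The two KEXINIT payloads are constructed in the block with a zero cookie; the function names and the suffix-based SHA-1 test are the example's own assumptions.

```python
"""Inspect an SSH key-exchange negotiation for SHA-1 kex methods.

Added example, not taken from the mailing-list post or any SSH
implementation. KEXINIT payloads here are constructed for illustration
(zero cookie, fixed algorithm lists); function names are assumptions.
"""
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253 s12

# Order of the ten name-lists in a KEXINIT payload (RFC 4253 s7.1).
KEXINIT_FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
    "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c",
]


def _read_name_list(buf, off):
    """Read one RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n]
    if len(raw) != n:
        raise ValueError("truncated name-list")
    names = raw.decode("ascii").split(",") if n else []
    return names, off + n


def parse_kexinit(payload):
    """Return the KEXINIT name-lists and first_kex_packet_follows as a dict."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off = 1 + 16  # message id, then the 16-byte cookie
    out = {}
    for field in KEXINIT_FIELDS:
        out[field], off = _read_name_list(payload, off)
    out["first_kex_packet_follows"] = bool(payload[off])
    return out


def build_kexinit(kex, hostkey=("ssh-ed25519",), enc=("aes256-gcm@openssh.com",),
                  mac=("hmac-sha2-256",), comp=("none",)):
    """Build a minimal KEXINIT payload (constructed test vector, zero cookie)."""
    def nl(names):
        s = ",".join(names).encode("ascii")
        return struct.pack(">I", len(s)) + s
    return (bytes([SSH_MSG_KEXINIT]) + bytes(16)
            + nl(kex) + nl(hostkey) + nl(enc) + nl(enc) + nl(mac) + nl(mac)
            + nl(comp) + nl(comp) + nl([]) + nl([])
            + b"\x00"                  # first_kex_packet_follows = FALSE
            + struct.pack(">I", 0))    # reserved uint32


def uses_sha1(kex_name):
    """True for kex methods whose name carries the SHA-1 hash marker.

    Registered names end in '-sha1' (e.g. diffie-hellman-group14-sha1,
    diffie-hellman-group-exchange-sha1); GSS-API methods embed it as
    'gss-group1-sha1-<base64 OID>', hence the infix check as well.
    """
    return kex_name.endswith("-sha1") or "-sha1-" in kex_name


def negotiate_kex(client_list, server_list):
    """Simplified RFC 4253 s7.1 rule: first client method the server also lists."""
    for name in client_list:
        if name in server_list:
            return name
    return None


def assess(client_payload, server_payload):
    """Report the negotiated kex method and every SHA-1 method each side offers."""
    c = parse_kexinit(client_payload)["kex_algorithms"]
    s = parse_kexinit(server_payload)["kex_algorithms"]
    chosen = negotiate_kex(c, s)
    return {
        "negotiated": chosen,
        "negotiated_uses_sha1": chosen is not None and uses_sha1(chosen),
        "client_sha1_offers": [k for k in c if uses_sha1(k)],
        "server_sha1_offers": [k for k in s if uses_sha1(k)],
    }


if __name__ == "__main__":
    # Constructed sample: a client that still lists group14-sha1 last, talking
    # to a legacy server that offers only SHA-1 methods -> SHA-1 is negotiated.
    client = build_kexinit(["curve25519-sha256", "diffie-hellman-group14-sha256",
                            "diffie-hellman-group14-sha1"])
    legacy = build_kexinit(["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"])
    print(assess(client, legacy))
```

The report shows the two things the deprecation wording cares about: whether SHA-1 is merely still offered for compatibility, and whether it is what actually gets used against a given peer. Dropping the SHA-1 entries from the client's list in the sample turns the legacy-server case into a failed negotiation, which is the intended outcome once the phase-out is complete.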