IETF Logo Mail Archive

Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

Damien Miller <djm@mindrot.org> Mon, 15 February 2016 08:01 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E4E01A8781 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 15 Feb 2016 00:01:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.006] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWCarntVkIom for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 15 Feb 2016 00:01:39 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE09C1A6F51 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Mon, 15 Feb 2016 00:01:38 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id E6BAB85EE9; Mon, 15 Feb 2016 08:01:37 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id F3A5185EE4 for <ietf-ssh@netbsd.org>; Mon, 15 Feb 2016 08:01:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id DVUMIlLJf_x2 for <ietf-ssh@netbsd.org>; Mon, 15 Feb 2016 08:01:35 +0000 (UTC)
Received: from newmailhub.uq.edu.au (mailhub1.soe.uq.edu.au [130.102.132.208]) by mail.netbsd.org (Postfix) with ESMTP id 1AEAC84CBD for <ietf-ssh@netbsd.org>; Mon, 15 Feb 2016 08:01:34 +0000 (UTC)
Received: from smtp2.soe.uq.edu.au (smtp2.soe.uq.edu.au [10.138.113.41]) by newmailhub.uq.edu.au (8.14.5/8.14.5) with ESMTP id u1F80w9V029600; Mon, 15 Feb 2016 18:00:58 +1000
Received: from mailhub.eait.uq.edu.au (hazel.eait.uq.edu.au [130.102.60.17]) by smtp2.soe.uq.edu.au (8.14.5/8.14.5) with ESMTP id u1F80wxE059268 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 15 Feb 2016 18:00:58 +1000
Received: from natsu.mindrot.org (natsu.mindrot.org [130.102.96.2]) by mailhub.eait.uq.edu.au (8.15.1/8.15.1) with ESMTP id u1F80sLd017000; Mon, 15 Feb 2016 18:00:55 +1000 (AEST)
Received: by natsu.mindrot.org (Postfix, from userid 1000) id DA812A4F35; Mon, 15 Feb 2016 19:00:54 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1]) by natsu.mindrot.org (Postfix) with ESMTP id D9CC9A4F34; Mon, 15 Feb 2016 19:00:54 +1100 (AEDT)
Date: Mon, 15 Feb 2016 19:00:54 +1100
From: Damien Miller <djm@mindrot.org>
To: "Mark D. Baushke" <mdb@juniper.net>
cc: denis bider <ietf-ssh3@denisbider.com>, Niels Möller <nisse@lysator.liu.se>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Simon Josefsson <simon@josefsson.org>, ietf-ssh@netbsd.org
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
In-Reply-To: <86136.1455402404@eng-mail01.juniper.net>
Message-ID: <alpine.BSO.2.20.1602151851550.4613@natsu.mindrot.org>
References: <223360780-3264@skroderider.denisbider.com> <86136.1455402404@eng-mail01.juniper.net>
User-Agent: Alpine 2.20 (BSO 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
X-Scanned-By: MIMEDefang 2.73 on UQ Mailhub
X-Scanned-By: MIMEDefang 2.75 on 130.102.60.17
X-UQ-FilterTime: 1455523260
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

On Sat, 13 Feb 2016, Mark D. Baushke wrote:

> Hi denis & Niels,
> 
> You have both made good points. I have adopted the updated text from
> denis and tried provide a meaning for the Note column. I have also added
> a pointer to the Simon's ssh-curves draft and included both of the
> currently published curve names in the table in this draft.
> 
> https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2/
> 
> Please let me know of additional comments.

IMO curve25519-sha256 should be a MUST, if not immediately then soon.
It's already supported under the curve25519-sha256@libssh.org alias by
a few implementations.

This paragraph:

>  The group15, group16, group17, and group18 names are the same as
>  those specified in [RFC3526] as 3072-bit MODP Group 14, 4096-bit MODP
>  Group 15, 6144-bit MODP Group 17, and 8192-bit MODP Group 18.

is incorrect: group 14 is 2048 bits, not 3072. Group 15 is 3072 bits,
not 4096. Group 16's length is not described (4096 bits). 17 and 18 are
correct.

I think the table of "Group modulus security strength estimates" should
have a reference - are these from NIST SP800-57?

-d

v2.39.1 | Report a Bug | By Email | System Status