Re: DH group exchange (Re: SSH key algorithm updates)

Darren Tucker <dtucker@zip.com.au> Sat, 12 December 2015 08:56 UTC

To: Matt Johnston <matt@ucc.asn.au>
Cc: "Mark D. Baushke" <mdb@juniper.net>, Niels Möller <nisse@lysator.liu.se>, Damien Miller <djm@mindrot.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, "ietf-ssh@NetBSD.org" <ietf-ssh@netbsd.org>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "jon@siliconcircus.com" <jon@siliconcircus.com>

On Sat, Dec 12, 2015 at 1:20 AM, Matt Johnston <matt@ucc.asn.au> wrote:
> I've added preliminary diffie-hellman-group14-sha256 to Dropbear, https://secure.ucc.asn.au/hg/dropbear/rev/d2f9ef67af15
>
> The OpenSSH patch seems to have problems, I've replied in bugzilla.

Damien implemented the missing code and I've updated the patch in the
bug.  With that change, openssh client interops with dropbear server.
There's some problem with dropbear client and openssh server, but that
combination doesn't work for me without my changes using group14-sha1
so I'll follow up with that off-list.


Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.