Re: DH Group Exchange in SSH (RFC 4419) - Avoiding Backdoors

Damien Miller <djm@mindrot.org> Thu, 29 September 2016 17:29 UTC

Date: Fri, 30 Sep 2016 03:28:54 +1000
From: Damien Miller <djm@mindrot.org>
To: "Mark D. Baushke" <mdb@juniper.net>
cc: ietf-ssh@NetBSD.org, curdle@ietf.org, frg@irtf.org
Subject: Re: DH Group Exchange in SSH (RFC 4419) - Avoiding Backdoors
In-Reply-To: <35937.1475160447@eng-mail01.juniper.net>
Message-ID: <alpine.BSO.2.20.1609300328040.29933@natsu.mindrot.org>
References: <35937.1475160447@eng-mail01.juniper.net>

On Thu, 29 Sep 2016, Mark D. Baushke wrote:

> Hi,
> 
> Question:
> 
> Should RFC 4419 - "Diffie-Hellman Group Exchange for the Secure Shell
> (SSH) Transport Layer Protocol" be deprecated?
> 
> Background:
> 
> The paper "How to Backdoor Diffie-Hellman" by David Wong
> https://eprint.iacr.org/2016/644.pdf describes two ways
> of creating a Nobody-But-Us (NOBUS) Diffie-Hellman backdoor:

NOBUS backdoors aren't the only concern; another motivation was
Logjam-style precomputation attacks.

-d
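The thread concerns groups that an SSH server hands to the client during RFC 4419 group exchange, which a client has no prior knowledge of and therefore cannot trust blindly: a modulus chosen by the server could be a backdoored prime of the kind the cited paper describes, or one of the widely shared 1024-bit groups that Logjam-style precomputation targets. The following is an added example, not code from the thread, from OpenSSH or from RFC 4419, showing the checks a defender can run on a received (p, g) pair before using it: minimum size, primality of p, the stronger safe-prime property ((p-1)/2 also prime, which OpenSSH's shipped moduli satisfy and which rules out the small-subgroup structure a backdoor relies on), and that g generates the prime-order subgroup rather than the whole group. The function names, the Miller-Rabin round count and the sample values in the demo are all assumptions of this example.

```python
"""Validate a Diffie-Hellman group offered in RFC 4419 group exchange.

Added example (not from the thread, OpenSSH or RFC 4419). All names are
assumptions of this example; the small test groups at the bottom are
constructed, not real SSH moduli.
"""
import secrets
from typing import List


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probable-prime test with random bases.

    Forty rounds bound the false-positive probability by 4^-40, which is
    far below the error rates that matter for a key-exchange sanity check.
    """
    if n < 2:
        return False
    small_primes = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for sp in small_primes:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    # Write n - 1 = d * 2^r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def check_gex_group(p: int, g: int, min_bits: int = 2048) -> List[str]:
    """Return the problems found with a server-supplied (p, g); empty means OK.

    min_bits defaults to 2048 because 1024-bit groups are within reach of
    Logjam-style precomputation; the tests below lower it only to keep the
    constructed sample groups small.
    """
    problems: List[str] = []
    if p.bit_length() < min_bits:
        problems.append(
            f"modulus is only {p.bit_length()} bits, want >= {min_bits}")
    if not is_probable_prime(p):
        problems.append("modulus is not prime")
        return problems
    q = (p - 1) // 2
    if not is_probable_prime(q):
        # A non-safe prime has small subgroups; a trapdoored prime with
        # smooth p-1 (one of the backdoor constructions) also fails here.
        problems.append("modulus is not a safe prime ((p-1)/2 is composite)")
        return problems
    if g <= 1 or g >= p - 1:
        problems.append("generator outside the range 2..p-2")
        return problems
    if pow(g, q, p) != 1:
        # For a safe prime, g has order q or 2q; a full-group generator
        # leaks one bit of the private exponent via the Legendre symbol.
        problems.append("generator has order 2q, not q (leaks a bit of the secret)")
    return problems


if __name__ == "__main__":
    # Constructed sample groups (tiny, for illustration only).
    samples = [
        (1019, 4),   # safe prime, g in the order-q subgroup -> passes
        (1019, 2),   # 2 is a non-residue mod 1019 -> order 2q, flagged
        (13, 2),     # prime but (13-1)/2 = 6 is composite -> not safe
        (15, 2),     # composite modulus
    ]
    for p, g in samples:
        print(p, g, check_gex_group(p, g, min_bits=4) or "ok")
```

A client cannot afford this on every handshake at full 2048-bit size without a noticeable delay, so in practice the expensive primality tests belong in offline auditing of a server's group pool, while the cheap checks (size bound, generator range, and the subgroup-membership exponentiation) are reasonable to apply inline.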