IETF Logo Mail Archive

Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2

"Mark D. Baushke" <mdb@juniper.net> Tue, 13 September 2016 20:05 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B187C12B044 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Tue, 13 Sep 2016 13:05:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.708
X-Spam-Level:
X-Spam-Status: No, score=-5.708 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.508, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBtUMCXF2_fc for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Tue, 13 Sep 2016 13:05:37 -0700 (PDT)
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 715E2126FDC for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Tue, 13 Sep 2016 13:05:37 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id C159285EB3; Tue, 13 Sep 2016 20:05:35 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 7BE2485E60 for <ietf-ssh@NetBSD.org>; Tue, 13 Sep 2016 20:05:30 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id h3PxLAMkqSsU for <ietf-ssh@netbsd.org>; Tue, 13 Sep 2016 20:05:29 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0093.outbound.protection.outlook.com [104.47.36.93]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 1E27C84CED for <ietf-ssh@NetBSD.org>; Tue, 13 Sep 2016 20:05:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=V70TdCkK6JZAbD/o29pNvziVJmEUN7ZJrCg3ovUXtD0=; b=Y/cH79EY4eQR11TveavuzYqGRiLvcFIIYEI0ZmvEIS9JdROo1W1EBH2BzDtW/oeQUZvR1cGFz3jBW9gPGKTsV4P/eYcEaQmJyJAcVCV+Wrj4JLYFbxjS9ZHjc6e6wMYHhWn+dULcs2vMyx1oeXJ4BSDEpL60t0MVBxdN3TC3yHg=
Received: from CY1PR05CA0013.namprd05.prod.outlook.com (10.166.186.151) by DM2PR0501MB1199.namprd05.prod.outlook.com (10.160.245.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.629.6; Tue, 13 Sep 2016 15:34:48 +0000
Received: from BL2FFO11OLC013.protection.gbl (2a01:111:f400:7c09::109) by CY1PR05CA0013.outlook.office365.com (2a01:111:e400:c5a4::23) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.629.6 via Frontend Transport; Tue, 13 Sep 2016 15:34:48 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BL2FFO11OLC013.mail.protection.outlook.com (10.173.160.161) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.619.6 via Frontend Transport; Tue, 13 Sep 2016 15:34:47 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 13 Sep 2016 08:32:36 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id u8DFWZWD023551; Tue, 13 Sep 2016 08:32:35 -0700 (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id 8B15D1144E; Tue, 13 Sep 2016 08:32:34 -0700 (PDT)
To: Tero Kivinen <kivinen@iki.fi>
CC: Curdle <curdle@ietf.org>, IETF SSH <ietf-ssh@NetBSD.org>
Subject: Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2
In-Reply-To: <22487.55966.466134.811445@fireball.acr.fi>
References: <41049.1473653352@eng-mail01.juniper.net> <22486.43242.802279.610275@fireball.acr.fi> <54981.1473704788@eng-mail01.juniper.net> <22487.55966.466134.811445@fireball.acr.fi>
Comments: In-reply-to: Tero Kivinen <kivinen@iki.fi> message dated "Tue, 13 Sep 2016 13:53:18 +0300."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.2; GNU Emacs 24.3.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
Date: Tue, 13 Sep 2016 08:32:34 -0700
Message-ID: <91090.1473780754@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.18; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(7916002)(2980300002)(199003)(189002)(47776003)(2906002)(19580405001)(305945005)(50226002)(189998001)(5660300001)(53416004)(19580395003)(4326007)(5003940100001)(2950100001)(92566002)(93886004)(11100500001)(81166006)(626004)(97736004)(230783001)(76506005)(87936001)(117636001)(48376002)(15975445007)(68736007)(7696004)(7126002)(86362001)(586003)(50986999)(77096005)(76176999)(106466001)(2810700001)(105596002)(8936002)(69596002)(8676002)(50466002)(110136003)(81156014)(356003)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0501MB1199; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11OLC013; 1:JcjPPhdJJW1ZucOEz50v3wKMlu2D7ioK/5NJgRpYVUEUO/20Wq/qPCF+zRj0jLSwrnPqg5VzzHOrkz3HrfHwmoNgECwOTn/IqL4EKttwQmBMO2PdN0S2ZdIMoCrRcPeZSJOx2F3S17gu22nkrI6JGL/awkQDC0mFXMmueM4cekhAGeBxG4zSfwqaRNruYGYq8IHSIFVcIqTqasI6BjB97HHxed2Li+UKvPkj2+4v0q9AqkJlj7UIYmpZfOKziNDJQZ/RferPAIl/iUsKLpZkzTK67v+LSgAzdWHTimki110m8F89gC3GDxM4VzEWvLxDImWHboBE5NQZL1LEN4rNIJXM6t8kgaTzamR7pozPi4Uzkk6NQ03XeOtVRE74aasbhPhaO7uqLtAZ+4BFgFCssVKLRfRisvc0+smqK1Hqc0PvzF9AF6eA7w5ZFBIGVI0nUMGa/jfalC63LUuQ00FO1ee+XoykCP/QybLGFILG3qq0XnmF1uu76Rs2ol4rkDppA+AJSYEPau0TcjqUK3G8sBHzyTruRm7aUUhv0yvCSK/tM69evjZ0kGxHimlxwg+V
X-MS-Office365-Filtering-Correlation-Id: 58245304-c99c-4628-f88e-08d3dbeb7ef5
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1199; 2:0otQucaeYg6+BdiJaNIQlfvW63fuxYW5Ad3iuNCoAB5pFYj0hmHhwmhmwZM9Vw4W8H/wygvxjzhKUnW8EWAOPU4sXgQiuR6O6q8K/jRzxQdLWgWSjxlQSUk3yyTa7abyY6wZ+tVOpzOFyEKovIUS8pOD5TMdvZoBRowdACylRqvKyVlYx3R8j58f1XmpC7XD; 3:O6huQtfwxrzB2SbRtLYoNirRrrEzOiZ40lq2FY9mdQqbrGXW+MtjK7AUzU8lRS2mk0hx+6SBq0Aq4tQsmT95J9h4yZrR8DGkBf1an1Xk7hhGwYdLtr+FmAUDhv8l/iCpGZxJsaQb4fEQwbba0NF+VDjZsP5xwnDsuVKrjD2YJ7Sjvmyj3J6JEtLeTqGXsne0BdUzUWHZ+nBeAw2QovvfXJVHegndH2PDER44psOy5ZY=; 25:lnDtPMQjCyVqhIV5wZ/7i7IpORHoOqzDw+Fqu/hzbmqphq0J8UdYO68lovSamOflCzm+qGlyKaxQOPj++47QX4UQDCq2Dca0IuygrKMTzMtDl8Jkkru40IVc3/Vv3KsCjF3Od2QSNZ66Ar7sigSTSLyhU0R1jWYLFyS1QuedOMb2zEGWe28UG5fmB0DFuRZRn6tvch+3EtlnyyQreqyitFzZpxiSok/W0rbrscNNiBrLhHvDnGig+Zh3mfzrghoQad9bU/+3RfkvU9SLXQIvJ9y/FtcSMvvCRVQUxZn7JgMy0lzkgVbq5UHQm7S68KMuP70PqRnlBC3tqBPQoc5Rqy7a7egJf9F9Z1wzQc+BfmtOXO+VLJfq7AEkUNbsPYL8+qqu9fU4kR9BI7S9/CGhAfolKskfdIA/Aa/j4VbuvP0=
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0501MB1199;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1199; 31:6T9r+qdiD82tCToiX312/QiWcPnjM4XV8DHtQ8H+/VPRhI3OgvaMzT9WJvWsye2nrvnzDl6gU0bhfGibfF+A6tISwXp1RfZAjBJsJncvTXCwc8nNMj1usCDzJ9xbG9hZhh4Rs+l/BmIc1a4nxGYK+Va2nffaCPVCb0sffsx9C9Oo4u31Jnk6NHmAMjTJ9sIJN3C6PLWiedPtDCIonxgzXrYI0XY0X2gbr02oQ2Km1Zo=; 20:xpXp3zpboojKxQZqFawMRzlcEpcym4yToE5fwf4XHBNMvqgRWzFco9X7A97g2h3PhDsAkhwUjsMTQNAa0ZouUL174/wsRsHvM4Y7UZ0edQRuLOxIJHR+9WSSszX7bqtNhZn89wroR29qIOEOJRsfmXxvfxpkku1um9KB82AgDKBR6x8g/RVA27w8k6CTZpwZN+GoMwco0iBenuCkjZ9+Uqj4p5nW0dfkCcYloEEtMMH+WdMLiQgzl/slvXac4lvvcwFjvPwyj3PJSbcEZHH0KKtwewYPxSku3ZJdXhUv88KV7KzjLhulS7TLXbrvHGFaV3kjmOI2DIs6IdSHPF2Ry3OQ+l/XtlnM1ybnWVT7LPa5f1WFBSUyr9DZpjxciDiMuLfcadg/GNYAXYCrZYPaVYaoH3FW+MrpYFwTGUW0KGrtl4eNKz96nmOiAfjuI0aWyxuOL9ySNZLnMSWWpANzQ0i13+nMVF49q9MUX0PzD4mI8R21Ok/ABLsvBBEa/Qpk
X-Microsoft-Antispam-PRVS: <DM2PR0501MB11999B1F29120B74ACBDDD6ABFFE0@DM2PR0501MB1199.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(120809045254105)(1591387915157);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(13015025)(13017025)(13023025)(13024025)(13018025)(8121501046)(5005006)(3002001)(10201501046)(6055026); SRVR:DM2PR0501MB1199; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0501MB1199;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1199; 4:2hDhN7iuI0VfnO/yG9N0TliYfO+RhKrRrCngQYXXFchMTbG1y9uWi/nVcB2nMNzeCyGpRJcFpsu+AI3NS4/Shj1dO1/C50Zvbjy7JsJcIKSb3Cxs4GLEYxkGbmIxrijrGVoHwqTdCsG+zpH2+muIo7qeoCqTTXsAJWe86loamdBmv7ENV+XWxQ1EKNdMP5QjVwFRmY3sV5IZd+kzb/yVhveQeCZ8v1uqrGFbgx42v2nfYSv0BIeOTEpst4Byf9Hw8cTjgKO/T/YEKfQYgSl3VjTbNS1sYi0IltldCv1AeOr7ghSMkJCDM27TW2jmhecjNZY+0wnsaNCruYo1lfAgridLubGmD9iA6HtP54wCMvJ6UyJBTTtKVLkeXbGZ7KyOygXASAu6O13dX8+AAqquRGP3bxB/TxpT2oNxxTS5R7FD9IcEg26jEuU11tN9qN2LrBzOuffMFn+dNqLLtC3Ssrkq3FBfEvH90ikPc/QxGrQpQCibuYZQDVatqGRkYFAI3yM59ScJafpJzEsvrpy/zDIwxUvlYE0CHYzQwb9dfqUeG0ipWlX57I8melrP1wi2P8NMjBb8KQIOLjJNKojFQw==
X-Forefront-PRVS: 0064B3273C
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1199; 23:8D71IjoLMY0WTg7gj7lb87AQ7xyeQcTb2HXksLSeP79G7YVl+9OvW2cc4aGwRunoiINkZBBQcp+dBDKuETIqaVq8/5kXM2KXhDBKeuVFjc5AGLGgjgs5wB7Kw1o8SLfVkbcC7hmzBZq/6pVJxO6Hx4jUD5CRQ1GuZon785EG+3pMqmTIvu229PGXahBzLDCi2TssAQDFuS2sH01bonrQwfhWsIpUhr1k0dRILcijoU2Y/ujtxk4fLsAkUInqtnCsfDy7isk8BobRP9PQkHBbkGYEm2HRyqBQSwOvhXJ2ozTZpuiKHwQLqS6rSvROcOMLY2050N6oVn4bHQ7S0uemmrTz27IqCYJTBP3Dso8QKuFgnG9kWUsF8/UN5Ai+kTn8n8DLJHEkGN+QwmBY+35PjvXmD1m3y+fj4kFYkqZAwqMGkvyD39LmF+fBTqu6EY/PmWfbt0vKNY3A3cOFpR5C0pZsRQosbfZUkNNJ+R88WCz7UZnCBe7K2VaZ97aEWAfcpoHqSMIhGr4tAv3N5mpA/UV3f4yECcKzTL/NdaVuDaG0Oa8nMy9UKKtOfFMxBRmrhOUDAtw3IxPmkkl3EPz/PMBqecGZnIpIm2Vqeb5Hxu5gjf6L2tyt+swYEwQ2l5INgqlEXLLx+ZcO0yfvfkXXwYR8zSaBbE6ba6DbPw94Zkou2H5B/lftRV+8nCWuB0zWvZRidO2+Bgi70at03mpGMefXmN5iVvdFcqYf74XwYvxQXj/hwieyByyhPABHhyIUHpXBUhE7jhfZ3RkF9hdAjn1QMeTWW1QFHzo8K/MeXlJPAZA6w80O3OFgDQHkLn3mrSYXWDRIp7zW5wJ5A5AF02W17fVFlMz25zdVgFIf5HoORIBh5bXs/MOnk7Wxvr1c5FvTVH+v62TfQLA4u/TLlDEo7MfESI6ryAcxRKOXC68zfvLkN6YYvnHW0YawSGoQWj2YlL+Rha4HXznZDEbhP78V0HRvfB+5SBzpq3a8ejoic5LEhszFy/pM0cw88SYVdYIJ2u+7xk7pjMSb7T+3oHl8gzLi0vK5V3nsMZYkFd6Bu4JTojZHEm8CInoXVbe/4rQCsEkVlOvYelM6ofObMtRiVPNJbe5yopU5FcCMhK5py/saiCN4mwW1/6nqQQAsw6+PqBkBkxlH+PtR1i+VpA==
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1199; 6:vHfMs/hNF4PoObFSLmxvIS34mvAal+EHet/JKtQjTnicKLlY5rw0Gxnw5Kz0p7Jym8mN820IRMkdaLlpnZ6Z7N58q1hwjF7nI0vWwE+RCMiOFwEEhDcwUI5EC33FzVfjXj/NzWuYlKwsZ9aA9VQY3qP7a1r5REXxOK9rNsA0rNWHxgFCy8c8Bq5OenUX20Y8j1gMOqASlqdNfclh+bLbV7CDCf25Hr0xgt3b4TAT/SdilXHbofS0Xt3Gs3F/W8DrVLrbYqfTmVmr5eUkvTEcwP/WseGQSMw1cXH9h5odslhiykcY/Ec3Iu+M4XddiRvV+NcRxGjDMFbfx5M5NZpdJw==; 5:OOnE97IU4e2AtYO2023AaihxbeqHTWhy7hjsryjP48spIqLV/YoLUHnHTlVR0HluOd4nfehXbSSyqXiTk637VOW+TNlK00FzgWThhj1MvZWZIs12aQyyRP30tL6p9XSJ13UcKp4CApvmOlOyfCk3HQ==; 24:Q0LZ+eqZ7tCFgGdBxiMvlFeG/2PFD/w6LnoaKko21G+eqco1mnlzJOFPCvyZCxE5rceYCRa/CAkOHGh0NdespniWLsFiCSbR/uoMSqtjCj4=; 7:ATH0KyRkCQ9vCM0pRldH3z6zMV7H/iAzABSwak3rfBl5ktspY2Bxvkbn8OlQnU/769rvxAR32gJl9skb/IoF4cv/R41G8NcORV6yrqk8y3BokWCkC4PQtVZpZ/9GbTR4Mr94Nq/ey2m+sILqGadEy0jpXSjr2QlaWwtre0U/eRMe9UKdM6lQr7wxnVYiebLoDXgPstfdmd+cvi5J/uFgRxMMDtVkhq/5rNen1TROOX6iGoMl/9cF88EwQZWFJn+c
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2016 15:34:47.9630 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0501MB1199
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Tero Kivinen <kivinen@iki.fi> writes:

> Mark D. Baushke writes:
> > > Also, is there need to update other algorithms, i.e. encryption
> > > algorithms, MAC algorithms, Public key names, comperssion algorithms
> > > etc? Are the implementation requirements for them up to date (I do not
> > > know, as I have no idea which of them are now mandatory to implement,
> > > and which are not).
> > 
> > Good question. I am not sure if they are all being managed by the Curdle
> > Group or not....
> 
> Curdle charter says:
> 
> CURDLE - CURves, Deprecating and a Little more Encryption
> 
...elided...
> so it seems to fit well to curdle charter, if we deprecate and collect
> mandatory to implement ciphers to one document. 

I agree.

> > I am not sure that they all belong in one document or not. It seems
> > like it might be better for each section to have its own document
> > specifying the MUST/SHOULD/MAY/SHOULD NOT advise...
>
> I would suggest we collect all "Algorithm Implementation Requirements
> and Usage Guidance for ssh" in one document here too.

Are we going to adopt all of the SSH changes at one IETF?

Right now, I am the author of two related drafts:

  draft-ietf-curdle-ssh-kex-sha2
  draft-ietf-curdle-ssh-modp-dh-sha2

they deal with updates to Key Exchange Algorithm Methods.

Of the current CURDLE documents
https://datatracker.ietf.org/wg/curdle/documents/

the only SSH drafts are:

  draft-ietf-curdle-rsa-sha2-02 
  draft-ietf-curdle-ssh-ed25519-00
  draft-ietf-curdle-ssh-ext-info-01
  draft-ietf-curdle-ssh-kex-sha2
  draft-ietf-curdle-ssh-modp-dh-sha2

and the rest are:

  draft-ietf-curdle-cms-chacha20-poly1305-01 
  draft-ietf-curdle-cms-ecdh-new-curves-01 
  draft-ietf-curdle-cms-eddsa-signatures-00
  draft-ietf-curdle-dnskey-eddsa-00 
  draft-ietf-curdle-pkix-01

I just realized that the

  draft-ietf-curdle-ssh-curves-00

draft has expired on September 9, 2016 and not been resubmitted, so
there is no ed25519-sha256 or curve448-sha512 KEX currently in an active
draft.

To the best of my understanding, no draft to add chacha20-poly1305 to
SSH similar to what has been added to OpenSSH has been written.

To the best of my understanding, no draft to fix the AEAD_AES_128_GCM
and AEAD_AES_256_GCM to negotiate in a way similar to OpenSSH have been
written.

Given the current drafts, they appear to impact only:

Key Exchange Method Names:
http://www.iana.org/assignments/ssh-parameters/
ssh-parameters.xhtml#ssh-parameters-16

Public Key Algorithm Names:
http://www.iana.org/assignments/ssh-parameters/
ssh-parameters.xhtml#ssh-parameters-19

Are there any other documents I have missed?

> In draft-ietf-ipsecme-rfc4307bis-12 for IKEv2 we even specified the
> mandatory to implement authentication methods, and recommended key
> lengths (see section 4.1.1). We also provide little bit of background
> reasoning for the MUST/SHOULD/MUST NOT/SHOULD NOT algorithms.

Okay.

	-- Mark

v2.23.0 | Report a Bug | By Email