Re: DH group exchange (Re: SSH key algorithm updates)
"Mark D. Baushke" <mdb@juniper.net> Sat, 07 November 2015 19:33 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E9F81ACEFB for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sat, 7 Nov 2015 11:33:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G31aV8F9d2-8 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sat, 7 Nov 2015 11:33:15 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:4f8:3:7::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 744901ACE91 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Sat, 7 Nov 2015 11:33:15 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id A6DA014A3FE; Sat, 7 Nov 2015 19:33:12 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id D1B2114A3F9 for <ietf-ssh@NetBSD.org>; Sat, 7 Nov 2015 19:32:59 +0000 (UTC)
X-Virus-Scanned: amavisd-new at NetBSD.org
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id nQ2T4XeluoAW for <ietf-ssh@NetBSD.org>; Sat, 7 Nov 2015 19:32:58 +0000 (UTC)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0710.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc0c::710]) by mail.netbsd.org (Postfix) with ESMTP id 314B414A3F4 for <ietf-ssh@NetBSD.org>; Sat, 7 Nov 2015 19:32:57 +0000 (UTC)
Received: from CO2PR05CA025.namprd05.prod.outlook.com (10.141.241.153) by BN1PR05MB059.namprd05.prod.outlook.com (10.255.202.149) with Microsoft SMTP Server (TLS) id 15.1.312.18; Sat, 7 Nov 2015 19:32:55 +0000
Received: from BN1BFFO11FD001.protection.gbl (2a01:111:f400:7c10::1:107) by CO2PR05CA025.outlook.office365.com (2a01:111:e400:1429::25) with Microsoft SMTP Server (TLS) id 15.1.318.15 via Frontend Transport; Sat, 7 Nov 2015 19:32:54 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.17) smtp.mailfrom=juniper.net; denisbider.com; dkim=none (message not signed) header.d=none; denisbider.com; dmarc=none action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.17 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.17) by BN1BFFO11FD001.mail.protection.outlook.com (10.58.144.64) with Microsoft SMTP Server (TLS) id 15.1.325.5 via Frontend Transport; Sat, 7 Nov 2015 19:32:53 +0000
Received: from magenta.juniper.net (172.17.27.123) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Sat, 7 Nov 2015 11:32:52 -0800
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by magenta.juniper.net (8.11.3/8.11.3) with ESMTP id tA7JWnD84610; Sat, 7 Nov 2015 11:32:50 -0800 (PST) (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id 421891141B; Sat, 7 Nov 2015 11:32:49 -0800 (PST)
To: Jeffrey Hutzelman <jhutz@cmu.edu>
CC: denis bider <ietf-ssh3@denisbider.com>, Niels Möller <nisse@lysator.liu.se>, ietf-ssh@NetBSD.org, stephen.farrell@cs.tcd.ie, jon@siliconcircus.com
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
In-Reply-To: <1446868237.5945.12.camel@destiny.pc.cs.cmu.edu>
References: <1990286542-756@skroderider.denisbider.com> <1446868237.5945.12.camel@destiny.pc.cs.cmu.edu>
Comments: In-reply-to: Jeffrey Hutzelman <jhutz@cmu.edu> message dated "Fri, 06 Nov 2015 22:50:37 -0500."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Mailer: MH-E 8.5; nmh 1.2; GNU Emacs 24.3.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
Date: Sat, 07 Nov 2015 11:32:49 -0800
Message-ID: <87436.1446924769@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BN1BFFO11FD001; 1:ImwYdDvRqAvuPOYDA1CV4l+pi/xR5HvK9/fdCtVGwe0KTn5a6Hz1pOigemBQaOw6OtmrNv7z/0/mGvCGE+ixoodxXprpEW+WMj6/pXdZR4He6F1/Nm/kdHebkaiGbx00KIJf2Dg7/IYNyUjhI2xfyNSBtjuSet8KWV3dzIHRRQx7R2inrpwWe+Oy8lN9aElqPHmP7U7rd+A+Gdg6ZixL7YT82YH7NIfIKu0rXxi6ULb2SUbHH1LQoPEwOK1ebt3OBadWwUN3AdgDgV0vmuHGBWDPR4oNu19myrDa8OyL/dfQhhH4zy+4NGOuzrbPVn/Tjl6KZ8SEPAbqVTLPNiIP3sqX4YagaLeHiNmU5P24YYoD1Jh0nvRLTFXBVz+XdDkFHzPpa+wmZ5qg3kpyUalUPA==
X-Forefront-Antispam-Report: CIP:66.129.239.17; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(2980300002)(377424004)(24454002)(243025005)(189002)(199003)(50466002)(5007970100001)(2171001)(10710500006)(87936001)(50226001)(48376002)(117636001)(53416004)(92566002)(189998001)(110136002)(5001960100002)(97736004)(7110500001)(81156007)(76176999)(50986999)(76506005)(106466001)(105596002)(77096005)(19580395003)(69596002)(5003600100002)(19580405001)(86362001)(15975445007)(47776003)(5003940100001)(2420400006)(6806005)(2950100001)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR05MB059; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB059; 2:1u85FZB7fAJIyggEJ8zD3suchOMXNCRwO9NffYX1F0q9Ksg1e6KXZni/7cNJ9HLwimjUzP+Nhn7RoApEL/hKPpJMk7TJo9kKX+ktKrotW5og6RXZ6zzg3xHDCtYmmXpx6gAr3zVIaikojLuNfmTr7I89yWEc7SgHti/kRyFDoI4=; 3:nmzw1lZwlfPXrh0mMLCPAtasjcQWJb0Hc5er5pD/VryPXhEXEVZU61skJFFkaSInUSlak6nCYiedlctwHjqvaCr3GqcH4hot8mbTkURwEtRZCo4ZxDWNMnFJxetlKkhsCwmjxP2luXEtkFudogAyEBkW2jC5RqFyyodfJngGtcbwwJX0jYo8oFqA069ollJbgD8T4HzUSxW7obNOpeCN2JSvrR9tVEIVwzaUTk4eF54=; 25:xOLxptnKjaVhNqjn8jQg2q/M3zPEfdIzI7gwpnvAUTCkQRpmZ/u9gCy79YJ+PF+lJJpWE9+vyjiyUQUOUut9dI4sijMK8rhAhUEv5t0wUC6SB8q20H5lBsaPcoFbn6rCh4WTlYRZPP+TJUQgG2/NjdwIzkTwnc0NZw8CzIHnArWWYEfW0gjfoa5J9Wwt9tdnOukoxI0awTgqDZPSzRk6Dkl6FxcvO0psVTySwg72o0jBc6U8bMCMQNxebAQ3fTEpw5Oe3N11HbCrufejs8HUOg==
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR05MB059;
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB059; 20:7n6MQsXgIlsuORzkUJOYJgSb1MX4X2VBB1VmLh5YC6ZrGQJ+DjPzKQN6k6pEdAjZw/FAOVl+NmWBd/al4hl/SU6EVhf+jwBtBaVr0q1M+4+J+5frym0uP27qREnRN11PpEdK96v6lG/MGpWv3yBKHi3s0Mm78IPq1rVu1IlkI4rRdyn8fcqci6lvWMfwrBYENToXLhI3GZAU3qLGDYTfZ5qfEUxW/wY4Fqenu3Fa1mdf9lNWd6GSXBoZcYgiLgeouepr/Tn2idzo5VCRJScNi7jqAlUSTd+SHablcS8LTrp8B9XVzWrPGLfUtDNmGAuo2RFPy0guf8SaFDr2ZgvW2GPwL7Q0uVfPuz/KOTApSDd9R4O1gWa0x4HrCOEbyb7im7Z9JqPb3gCf2mrlNxslZHPCAySvTFoVUoEHLS5y8T4XgJNskVEGs8tJMvlT5eBnTpTMrwy7zB1Nl6YEFMhdOFkq9RmhEtYp2VPj9j2G/kIKs65jX06cozf4KNIhPI23; 4:Hxq/TLbOPkg3CWPK4y30tUVCtTHPuKegnu9yDMLFsHCYTC35ga0+tcbGpL0JNqLAjj96pEWom2UB6CXVQHGz+hefWSKQoXPlpo+0DbnpKjRRTGrmIGojQ36GzHVP+hcDlriTulZoZ1j49uLVJmwzWcBdQohwyCfEZH4TGnvEMt5RplIBrokcaa2IGjruxUq2mfBABM2eRjHgJRkmZdOKrsmmeRmrjQnxOOXcb7EbtlmGK3aBOiAx2wlYmgTZSE29O5UVSqUtW6RLEntLiRXb/4tewQgo6CSrHpvDPFoFVT4SQKNw9y22BBP7oVQ+ryLWZAYDT2FHNEmfL2smzbI5s97oMLVv2kIoEWEN1hDuS5g4px8mtgLEALQz02IjuVrn
X-Microsoft-Antispam-PRVS: <BN1PR05MB0599B5403AB1FBA9525737BBF170@BN1PR05MB059.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(65766998875637);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(10201501046)(3002001); SRVR:BN1PR05MB059; BCL:0; PCL:0; RULEID:; SRVR:BN1PR05MB059;
X-Forefront-PRVS: 0753EA505A
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB059; 23:oIvwNRwOVkS2r46dWSaxNH0ucXK5QqlhFWvMAK7Tc9wI/sag1BIaG6DhU+UXZJ4y9RN+NVFZkLB7VTpdPaej3dwUk+dYbpVLaDAeuDPzLbUw7mkLFWqcLazEAOd2bgjc1/2PtCpBo+R1oZMO+6fbCrzlz9VD8fQ5ieJOL7jPZRWVPHOVMoCcDEq10ij2lS095sWwweSjcNudMl8F+xOUuYpbYpp/Rzj5VwGUSpWHjfPVPn1q5hJ8G3zXWGy+vZKDVF3affOf+6Qo/fYd6x64ZqDaUDzz+U0ARSzgoJIPEodK4P9ZfDh1L41arraTVAuZXof4UYMiX6MW+hf54vflRNOFCElJE0zozAltduMK9prejisQypj2aNxEg8iAnARlECjXqoaOWN3gw6R7WOFw17Q9Awec86RkshYRImiBu1Xl9/CphUsp/6yTSVsMQyxzBOLME74Ot5M9V0NybEYzQuoYC7vQbEPvnp45sIQmap4Aeiw3d3D1PxJIYPwvdiGfmP3P+hIkqScR20CJyldIRWQOf0zu/MX1lnVxWYuwGLdkn1K4kkctEPm0hj7ih7D6EETt86/g+DC843qVggxaEgrde74tMeTKWurmQGjZpwb99/dudYeMMLPhFHihZSUTTTw9r9cDla0A0x5N3qnWwSpRSnOKGlKenxIReE9sz4pihU0wpzm4tsawk2CRYptJ/V4j91KTPDUwvgDRtf52xKT37yhCosTusissLkaQB2aNRO+QMSNa+it+v2NiiFnLJINXlMRIDnKHr+c7BDzO5tnG7ZY9R8I6j/z7oDOjoMQgtVeeMOoF44DGMsb/B2l3KsLD4I75ii1KheGJkXFfOimWC0WUzeVVyQhfwQeMb+P0fGu6fvNHSXa5dXoGZCIvd1PuWRjNIx3TneJ0HsbIgV4CEzcgj62FwKjKVSVVsU369Q5ZqZT18bG8lsvjSPVSJUQaOW0crFD2z2OQVb/vUJVL1weHazwXau1I6+V5SJEmIZsQ5JF48r1EQnoNf/AFFWvZL8KHmleK61qcq/2azv+mdJmmILaJa4ipcRvxJhE4FeOs5+qoXIJeHgjr4RpL00Glc3jsIJWLh+qEjYn9JbCASgwgI4KXzHU7AvR22u0=
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB059; 5:eqyO6L89wehxmMKYSAc4vBFZxob7GITWS8/dsRkE7s7VJpypspFds6YbS1QBPVfGMem2gulRWJfOX/bvfHOXeYiXunxW8ZQwy5+vSoqD30Wz91kR3TRLUxgjr398myRpahdtGMReYBCyG1afW2b21A==; 24:VHm5dBmlXFLLfPIcZYHcaRNJBcuIIb3Lav3lYclXw0gV4VdPVOBlRHldmlvkkVBUpSlcr2lrfLdbsQYqcR+ziGp+KKAd0hFZZQA53g1nBeQ=; 20:zK8qHKoOHJhcsuGI0zmh/gvfTjrq6FjTdiYao+hbRul+8HbNpTkicaEFvp8YMUWAffnKZ7nbzPYdrpfVFjCkgA==
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Nov 2015 19:32:53.4520 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.17]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR05MB059
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
Jeffrey Hutzelman <jhutz@cmu.edu> writes: > On Sat, 2015-11-07 at 03:33 +0000, denis bider wrote: > > > It is a fairly substantial problem that most dynamically generated > > groups aren't usable with our FIPS module. > > What's broken about the groups that don't work? The root case is the selection of the generator g in RFC 4419 is not sufficient to meet FIPS requirements. Start here: http://dx.doi.org/10.6028/NIST.SP.800-56Ar2 in section 5.6.2.3.1 "FFC Full Public-Key Validation Routine" you will see the tests that must be run during DH negotiation. Given the public value y sent from the client, validate 2 <= y <= p-2 and 1=y^q mod p. Of course, if a generator g has been selected incorrectly, then the public key y will not have the correct order and will therefore have the incorrect subgroup. So, we really need to take a look at how g is to be selected. This is specified in section 5.5.1.1 "FFC Domain Parameter Generation" which in turn specified "FFC Domain parameters shall be generated using a method specified in [FIPS 186]," and so we move to the latest FIPS 186 here: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf Read section A.2 and note that a simple test for g is 2 <= g <= (p-1) g^q = 1 mod p The above two tests are mandatory in FIPS approved diffie-hellman. For non-FIPS users, a g which is not a valid generator means that the g^(ab) operation may be leaking one bit of the key (ab). You may wish to read the thread here: https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-June/034060.html For our implementation of the /etc/moduli file, * find prime candidates p and q where q=(p-1)/2 * (because we are not sure if all RFC 4419 implementations will accept a generator g which is not either g=2 or g=5), check g=2 and g=5 using the steps in A.2.2 "Assurance of the Validity of the Generator g" - if g=2 or g=5 meets the PARTIALLY VALID test, then use Elliptic Curve Primality Proving to validate that both p and q are provably prime rather than just probably prime. (The use of ECPP is not required, but does not hurt.) else throw away p and q and start over. If we were guaranteed that all RFC 4419 implementations were able to accept any small prime for g, then we could walk up the list of primes until we found one that meets the PARTIALLY VALID test. However, that might also be very slow for some embedded ssh processors to implement, so choosing a g=2 is a good idea in any case. * an alternative would be to populate the /etc/moduli file for RFC 4419 with the MODP groups that are well constructed for generating q=(p-1)/2 So, adding RFC 3526 group15 (3072-bit MODP Group) and/or group16 (4096-bit MODP Group)... I do not see a good reason to add group17 (6144-bit MODP Group), but do it if you wish. Because the SSH server is the one who provides the g and p values, if it is using valid RFC 4419 moduli, the client will just work. If the SSH server is NOT FIPS-compliant, then if the SSH client implements the older test like A.2 where the provided g^x=1 (mod p) test which was in older of testing the 'random' value of x as being one that lets the g^(xy) = 1 (mod p) have a 50% of being wrong as the y^q mod p operation will return either 1 or p-1 and all of the p-1 values are wrong for FIPS. I hope that you find this information useful. ----------%<----------%<----------%<----------%<----------%<---------- From: "Roginsky, Allen" <allen.roginsky at nist.gov> Subject: RE: Question on SP 800-56A rev2 The reason the y^q=1 (mod p) tests exists is to verify that y is in the required subgroup. In general, for any y mutually prime with p, it is true that y^(p-1) = 1 mod p. (The Fermat's Little Theorem.) Of course, when taking an arbitrary y into the power smaller than (p-1) the above equality does not necessarily hold. Suppose, however, that y is a generator of a cyclic subgroup that has q elements. This is subgroup of a larger group that has (p-1) elements; (p-1) is a multiple of q). The way y was selected was by taking an arbitrary number w into the power of (p-1)/q mod p (to be sure that it is in the subgroup of order q) and checking that the result is not 1 (mod p) (otherwise, it is in the right subgroup but is a unit element there - not a useful case.) Now, to test that y is in a subgroup of order q one has to check that y^q = 1 mod p. This would indeed hold if, as designed, y=w^(p-1)/q) mod p and therefore, y^q = [w^(p-1)/q]^q ] = w^(p-1) = 1 mod p. This is why this test (y^q = 1 mod p) exists in FIPS 186-4. \ My guess is that the value of 5 in your vendor's example, does not satisfy this test, so it is not a generator of a subgroup of order q. This value 5 could not have then been generated using w^[(p-1)q] (mod p) method. I do not know why some other standards appear to impose the additional requirements on g. To find a generator of the entire cyclic group of the order of (p-1) one usually has to make many tries, so some specific methods or restrictions may apply there, but any g not equal to 1 and such that g = w^[(p-1)q] (mod p) is good to be a generator of the smaller subgroup (size q), as far as I can tell. Please do not hesitate to call me or let your vendor call if they have any additional questions. Regards, Allen ----------%<----------%<----------%<----------%<----------%<----------
- Re: DH group exchange (Re: SSH key algorithm upda… Jeffrey Hutzelman
- DH group exchange (Re: SSH key algorithm updates) denis bider
- Re: DH group exchange (Re: SSH key algorithm upda… denis bider
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… denis bider
- RE: DH group exchange (Re: SSH key algorithm upda… Peter Gutmann
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- RE: DH group exchange (Re: SSH key algorithm upda… Peter Gutmann
- RE: DH group exchange (Re: SSH key algorithm upda… Peter Gutmann
- Re: DH group exchange (Re: SSH key algorithm upda… denis bider
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- RE: DH group exchange (Re: SSH key algorithm upda… Peter Gutmann
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- RE: DH group exchange (Re: SSH key algorithm upda… Peter Gutmann
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- Re: DH group exchange (Re: SSH key algorithm upda… Damien Miller
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… denis bider
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… Mark D. Baushke
- Re: DH group exchange (Re: SSH key algorithm upda… Darren Tucker
- Re: DH group exchange (Re: SSH key algorithm upda… Matt Johnston
- Re: DH group exchange (Re: SSH key algorithm upda… Niels Möller
- RE: DH group exchange (Re: SSH key algorithm upda… Peter Gutmann
- Re: DH group exchange (Re: SSH key algorithm upda… Darren Tucker