Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2

"Mark D. Baushke" <mdb@juniper.net> Tue, 13 September 2016 19:23 UTC

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
To: Damien Miller <djm@mindrot.org>
CC: Curdle <curdle@ietf.org>, IETF SSH <ietf-ssh@NetBSD.org>
Subject: Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2
In-Reply-To: <alpine.BSO.2.20.1609140340320.58455@natsu.mindrot.org>
References: <41049.1473653352@eng-mail01.juniper.net> <alpine.BSO.2.20.1609140340320.58455@natsu.mindrot.org>
Comments: In-reply-to: Damien Miller <djm@mindrot.org> message dated "Wed, 14 Sep 2016 03:47:20 +1000."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 13 Sep 2016 12:21:53 -0700
Message-ID: <38090.1473794513@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2016 19:22:42.0553 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0501MB1186
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Damien writes:

> Has anyone ever implemented this? AFAIK the motivation for this was
> MQV being included in NSA Suite B at the time, but it was subsequently
> dropped. IMO if nobody is using it then it should be recommended
> against. I.e. SHOULD NOT

Hmmm... ecmqv-sha2 is mentioned in defined in RFC 5656 and mentioned in
RFC 6187. I see a JIRA request to add it to MINA SSHD, but I am unaware of
any implementations of it. 

I have no problems moving ecmqv-sha2 to SHOULD NOT if no one has
implemented it. However, I guess I should ask that of the ietf-ssh list
first.

> > gss-group14-sha1-*                    RFC4462       SHOULD
> > gss-group14-sha256-*                  new-modp      SHOULD
> 
> IMO these two should be MAY. Most implementations don't support
> GSSAPI key exchange at all.

Perhaps I need a paragraph like this one:

     If GSS-API methods are available, then the RFC4462 REQUIRED
     gss-group14-sha1-* method SHOULD be retained for compatibility
     with older Secure Shell implementations and the
     gss-groups14-sha256-* method SHOULD be added as for "sha1".

	-- Mark

draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-c… Mark D. Baushke
[Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & dra… Tero Kivinen
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… denis bider (Bitvise)
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-c… Mark D. Baushke
Re: draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ie… Damien Miller
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Damien Miller
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Mark D. Baushke
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… Tero Kivinen
Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 &… denis bider (Bitvise)