Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

Simon Josefsson <simon@josefsson.org> Fri, 26 February 2016 05:47 UTC

From: Simon Josefsson <simon@josefsson.org>
To: denis bider <ietf-ssh3@denisbider.com>
Cc: "Mark D. Baushke" <mdb@juniper.net>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Niels Möller <nisse@lysator.liu.se>, ietf-ssh@netbsd.org
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
References: <219217362-2196@skroderider.denisbider.com>
Date: Thu, 25 Feb 2016 13:30:25 +0100
In-Reply-To: <219217362-2196@skroderider.denisbider.com> (denis bider's message of "Sat, 13 Feb 2016 17:49:04 +0000")
Message-ID: <87oab5t1jy.fsf@latte.josefsson.org>
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org

denis bider <ietf-ssh3@denisbider.com> writes:

> Comments:
>
>
> - If we're being comprehensive, we should include a position with
> regard to Curve25519 and Curve448:
>
> https://tools.ietf.org/html/draft-josefsson-ssh-curves-03
>
> I suggest we take the following positions:
>
> curve25519-sha256    SHOULD
> curve448-sha256      SHOULD, or MAY?
>
> That being said:
>
>
> - Given the recent NSA recommendations, it seems to me it would be
> prudent to update the Curve25519/Curve448 draft, and to replace the
> SHA-256 algorithm with SHA-512 for Curve448. This would create the
> method "curve448-sha512" instead of "curve448-sha256".
>
> Simon, what do you think? Could your draft be updated to do that?

Yes, that will be part of -04.  For what it's worth: I support
curve25519-sha256 as MUST and curve448-sha512 as MAY in
draft-baushke-ssh-dh-group-sha2.

/Simon