Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
"Mark D. Baushke" <mdb@juniper.net> Wed, 10 February 2016 17:24 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 560851B2D70 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 10 Feb 2016 09:24:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FuYdIdaBZIOO for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 10 Feb 2016 09:24:48 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5050E1B2D6D for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Wed, 10 Feb 2016 09:24:48 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id E8BBC85F0D; Wed, 10 Feb 2016 17:24:46 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 5ACDA85EBA for <ietf-ssh@NetBSD.org>; Wed, 10 Feb 2016 17:24:40 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id VkJG6OCporeC for <ietf-ssh@netbsd.org>; Wed, 10 Feb 2016 17:24:39 +0000 (UTC)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0789.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc09::789]) by mail.netbsd.org (Postfix) with ESMTP id 1C6AA84CF5 for <ietf-ssh@NetBSD.org>; Wed, 10 Feb 2016 17:24:34 +0000 (UTC)
Received: from SN1PR05CA0027.namprd05.prod.outlook.com (10.163.68.165) by BN1PR05MB060.namprd05.prod.outlook.com (10.255.202.153) with Microsoft SMTP Server (TLS) id 15.1.403.16; Wed, 10 Feb 2016 17:24:32 +0000
Received: from BY2FFO11FD037.protection.gbl (2a01:111:f400:7c0c::104) by SN1PR05CA0027.outlook.office365.com (2a01:111:e400:5197::37) with Microsoft SMTP Server (TLS) id 15.1.403.16 via Frontend Transport; Wed, 10 Feb 2016 17:24:32 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; cs.auckland.ac.nz; dkim=none (message not signed) header.d=none;cs.auckland.ac.nz; dmarc=none action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BY2FFO11FD037.mail.protection.outlook.com (10.1.14.222) with Microsoft SMTP Server (TLS) id 15.1.409.7 via Frontend Transport; Wed, 10 Feb 2016 17:24:31 +0000
Received: from magenta.juniper.net (172.17.27.123) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Wed, 10 Feb 2016 09:24:29 -0800
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by magenta.juniper.net (8.11.3/8.11.3) with ESMTP id u1AHOQD24444; Wed, 10 Feb 2016 09:24:27 -0800 (PST) (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id 3FBC111454; Wed, 10 Feb 2016 09:24:26 -0800 (PST)
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
CC: "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4BEC444@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4BEC444@uxcn10-5.UoA.auckland.ac.nz>
Comments: In-reply-to: Peter Gutmann <pgut001@cs.auckland.ac.nz> message dated "Wed, 10 Feb 2016 08:22:32 +0000."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.2; GNU Emacs 24.3.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
Date: Wed, 10 Feb 2016 09:24:26 -0800
Message-ID: <86698.1455125066@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BY2FFO11FD037; 1:pmNkj9liZVgPGfz+3++1sQrNAR3TktzUhsJ76GuB2tgaIZYKZHkoTROY8y8TxLzPSiN2dnosjrYOkFBHRZFr3N1nrWFsDK5HiOrXAXZCMH6AQ70J7nQoClCOVAK1yjhHGZWVnFfjURveYmizVAQswxK7lLwQ7FO6fFZYExD1B4hBNVu7zGn63zSjhYv1e89+Z+ra7hO98qisAp8subhY2S6XMZVf1CX5cxWBAzQXFIpfVl/gwxCtT61KvGBucH8E0F1EwTtPQjeZp0MZTR7BUPE5eeg8WSIqX+wBRHebDCCwssv4Mg57d5mXAo7xzlkbufRREGFM5CNbwd1kSHshfr92BorsJF8FzRF336yxpOd6RVH5JhlvFO6qSeLHYAf6TcXB8lP/lpyr0IwgaBJ0VQ==
X-Forefront-Antispam-Report: CIP:66.129.239.18; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(2980300002)(199003)(164054003)(189002)(5003600100002)(6806005)(4326007)(110136002)(586003)(11100500001)(53416004)(2906002)(19580405001)(50226001)(1096002)(47776003)(86362001)(5001960100002)(76506005)(106466001)(50986999)(1220700001)(117636001)(76176999)(2950100001)(87936001)(50466002)(230783001)(5003940100001)(48376002)(189998001)(92566002)(15975445007)(105596002)(77096005)(2810700001)(19580395003)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR05MB060; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; MLV:sfv; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB060; 2:P2+y+T+4LRvQpkQBjAGkPqMgiJMVv0OW92atCowP+XNxyTKuY15cfu5WeoMiLNaNLf0JTvzgjp0V1cm0CRQ7RLLBGvpCOgor1gz3vR3I1iMran36WJo6AV2h98g4ArovgcYx84LloSym9QPTVH/pIg==; 3:4m7P4aeuo7tWVJ3hNtPbJnDsjlxyW1k3P1HXMM4gopoG95Akz7LZnkd06FdLmaBiv9Bt4qu54VdaLSKKgc1wruRVxLk/Ap4shtAhFp2LKcvHhIcaQ1jrH8ywqUUnE4EUFxNHd7JKE01RUkl0JqAMIAGvEzNa7RyAk+EKKLrgmAIQYiqnVThai+w349VjPkzbAkUEvWka9ElFumMJZVOPw4pZmd34o1b8fMbRL6nfsyU=; 25:fZQSRqAg1VFYWmvBaDmFs3LZgUoGoS3V5e453bEExCevta+WIPuJW8AxVRPpgJalH1ImsRFadZgM7+ozSFC3v+eZlfGyklYFeYiK4z7BPQfvTh0s9ttJ9VfR6rgd6cdm5UvAb5otT3oWhXl4J4PO04PJ8SCawf1qzKoKu6A1FmIGHN+L1u+JZFjoCJE/NtWGT3+H6Bc6doi+QULQMd5veuAmIgNTOzNjtlKZQvezL1gD1pKf+BGae04sA1fOxrf5sS3+3tqIqju605JpnfTTucjo7T0v10FfLjy4OaUB5R5S6iKqDZpx908KvR012pRd
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR05MB060;
X-MS-Office365-Filtering-Correlation-Id: 6058f879-f49f-4f48-cd20-08d3323f098f
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB060; 20:odOrZqhr92CCjncRo0EkyR9v3A+zqI4moUTUKgej4/0bGWlYGBijTh5izzq9TLqNaianW1stVxreGMOO7NIN2H/GuxYw2UZkR5wr+OQ/g03xJJI/nNypBIDdzSxKp3fm6s1yzIB4Un6E70NlGD6Ak6k/uJgRwwKyWToa2Ee85hVCNnhDb83y3QDxU+uY/hX0pi9LtOZ+cdBuc2Ch0zc2lsEwQAeZlZo6BAWES3ZAo68jCcP/+xgRHjtvokovJ5yBibo2uQtp2yX+kYWPAdSjHPBILCI5m3wUiJjwoDI2D9tuleRZ/tLvb72sl4zyGVbLOQgRPwLDh3LnWg2+v8O8ysBIa3Of56BoKefSGSMmmIEn1r0l2VgTgjDabtWIOsQ7p3PT5WkU03kgKhMsMatdHMYsKeQb/jJW1sbC+a39N8w+8oI4j6vxI2yjo/4CFHQwNBj0zVG3VsnBNzYJ3U5U/kguHhTHzB1sZ1ErDiFbuJz5rgobjHhurCV9fVFX6Akl
X-Microsoft-Antispam-PRVS: <BN1PR05MB060835DE04EC07D8FE75611BFD70@BN1PR05MB060.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(13017025)(13024025)(5005006)(8121501046)(13018025)(13023025)(13015025)(10201501046)(3002001); SRVR:BN1PR05MB060; BCL:0; PCL:0; RULEID:; SRVR:BN1PR05MB060;
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB060; 4:3dI9ayEskbQFw6HYjUA6oOyOLPcS4C3ib7WDrcugb6mK5iX26FPDAnHUeFnvWc3Xai81wzr++++FukM1DhVgu8DjM0dMoM2XruXW0A+RztG5n5/1e55QcAddleYZwBPM6ZO30TyAb7FwKgfarlikbWc082QJiIWQrOwsYX4uLAJAGGuecxpEb9Nug25WSscGuKFp0pO7tV7iuw2Svdi6Wz9rQsUzgcJbls8izlD7lasFPwe5fNMNJ3t5ml50C4+mJnVbm8p4mWl7jkEp7BgXCCaD3ve+f7p/JRe917JOf0cjTiCmuq7iT30lID429YLYnduLwUeX4/9voFQRVXfBiRg2GEdhl79nPkpOa96yi5oAG9K9pNk1q5o8uDK/i0ziYsc1zuzo30w2jS6LZ78eJ9ghY/Dg2AJ294aKOgASzVQ/ujhWg5U1cLDrSFvtidV9YAoMdydxXtYMnNXdGh5rsg==
X-Forefront-PRVS: 0848C1A6AA
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB060; 23:ldmqdXhRPD80VW6//Uw4e92g7oiocN5orqPl00WhmkctS5r53AFCIDRYi/vklBLBRDNeRB68CFK9yZbC8DrCFmE9XHOIo9nJ+gcJs2ORKsg6AKJOQZI+zENL0wdqstMyydMBky5GuEmuz4NvqU+87V3RijhZ4dvrjldgJief7afej3XIiVf857pYswSiZCWXTnyeQQr0mohcsYwySzS4ivtnQyXSDSP6rgVO2Ofnae+EOPtlmXGNYvwB3bl615aYRE6AXDUqYEftcfo6QQpRZys0L4gOPu6O3y7JfRuAAOD1DzBOjm7yZQ6KBq0iIlF+hhLMDseO0Dt+OXcskjJa0y3KN8fkbcfELQlO+9oReP+ENIpdHZxWWe4PBCMLYz5sjio4vY1RJHuRjsbFS2uFIZrRE2xAjCp6cr2AITbo9pOevyOg31d5lHB3/188cyiy/ASIAbEZokVdz1DwLDKFRKYqo0XQyl/rT+bR5U6kKBy8Fb4s7j2gMwvtlYxEhpFboxchA8eZIWoVA1Fr5J6CoWoDv4T058hUliiA3HP7pwswwb5kYfpB3vxoHVKc54+gOyHowxi4iR/NYrzp2+dnbRy7CXbhZBm+L3rXpqFmXKWY2Qt8uCHzavhZ4qMEz/yqVsi9qWuI1hgDIv22+ej3Gz6OZOqfkUJRbdNwguCGsLIxPFlWq6bNXFs5A56vWTju/IQQAm26fECSzoAUPw/LtUnVe1gKtiKzX2YWu50gfNGJZ/qZjJV2pJz7uch20bOYwfInwlZT7XTU8ASyovcWIGnYgMEom0Ckli1Jwjnlu5QR4lxoKDNh4FhJuTdVM+o0AqTrHG0PohyL6MSb20PyzJ8ERPrSlX8OVSQDNrWCkNJL6rvhlJy++NBpASB7+SsDWh21RpkO03lgkfygVoMygEogQcr4cbUmCnGsDLyFfECKOiu+/c3JeDVmo/64lgZfA0oJgV8WIYsYYf7RY7ajOhxmPcai0dBnZy61vpaZZVh4cX/FVsdEYtNYcA6fm/SvpFNLMPGl/QRxV6VL7NJS+XPfUY8+4VqL8S9OFz7EZi0=
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB060; 5:Gp0uQKsQrAFBXmMa44kr71rBtjP5/JhJesFTDwCMQRy3b8UROLGJYRd4r/5+ykZN5rTaidrH3NQ2+WVx0MRqd2PUooBgpD5Dwr2tSD6tbLjWjDWHG2raeoea83NRkan8HFj9K3d+5Sa0R8d9hW9u7g==; 24:lzEV2UZkTVbKFKnroqr1d6wNbQ2rB+K4Tn4Sf/Lukzx206tYAtHgjutddB65O0lnOSpAJc2fXKfkbv6VyiOOLSxWexKcs+1U0zTLXdMPFWw=
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Feb 2016 17:24:31.1779 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR05MB060
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
Peter Gutmann <pgut001@cs.auckland.ac.nz> writes: > Damien Miller <djm@mindrot.org> writes: > > >So my recommendation would be: > > > >diffie-hellman-group1-sha1 NOT RECOMMENDED > >diffie-hellman-group14-sha256 RECOMMENDED > >diffie-hellman-group16-sha512 RECOMMENDED > >diffie-hellman-group18-sha512 OPTIONAL > > > >(but 16+256 & 18+512 would be fine too) > > From an embedded perspective (which is what triggered this late reply) I'd > prefer the -256's over the -512's, the less extra huge hash functions I have > to include code for the better. I'd also like to see SHA-1 just die, there's > no reason to specify it in a new spec published in 2016. Having said that I > realise that there are other profiles that still specify SHA-1, but then I'd > like to at least see the wording given as "SHOULD NOT" rather than "NOT > RECOMMENDED". The latter is for restaurants, not security-critical > infrastructure components. RFC2119 says that "SHOULD NOT" and "NOT RECOMMENDED" have the same meaning. To make it stronger would mean moving to "MUST NOT" instead. Today diffie-hellman-group1-sha1 is "REQUIRED" so I only moved to "NOT RECOMMENDED/SHOULD NOT" are you suggesting a need to move to "MUST NOT" here? Today diffie-hellman-group14-sha1 is "REQUIRED" and is not mentioned. Do you believe that we should change that one to "OPTIONAL/MAY" and select a new "REQUIRED" key exchange to avoid SHA-1? If so, which one should now be "REQUIRED" ? > In fact same with RECOMMENDED and OPTIONAL, what's wrong with SHOULD > and MAY? Nothing is wrong with SHOULD or MAY. Per RFC2119: * "RECOMMENDED" and "SHOULD" are equivalent * "OPTIONAL" and "MAY" are equivalent * "MUST" and "REQUIRED" are equivalent > Those are more widely-used in standards. I have seen the terms used interchangeably per RFC2119. > In particular I'd like to be able to point to SHA-1 as SHOULD NOT > (which is pretty unambiguous) rather than NOT RECOMMENDED, which seems > to say that people can keep on using it for as long as they like. The terms are supposed to be understood in the context of RFC2119. Are you speaking of the use of SHA-1 in key exchange only? There is diffie-hellman-group-exchange-sha1 in RFC4419 which also uses SHA-1. I presume it is currently an OPTIONAL key exchange. Should we be moving it to a MUST NOT now too? I have no strong preference for which of the equivalent terms are used if it helps make the point better. Does it really make the point better? > It'd also be good to include a note, where the groups are defined not > down in the security considerations, saying that the SHA-1 option is > provided for backwards compatibility, shouldn't be used in new > designs, and should be phased out of existing ones as quickly as > possible because it's not secure. The concern for SHA-1 is specified in the Overview nd Rationale as well as in the Security Considerations section. Where do you feel it should be noted in addition to those two locations? > The danger here is is illustrated by the TLS 1.2 RFC: ...elided... Yes, I think we are currently trying to do the right thing with the Secure Shell requirements. I suspect we really do need to have at least one REQUIRED key exchange mechanism that is common before and after these drafts are published. Otherwise, we probably need to bump to SSHv3 if we are going to get rid of all of the MUST NOT algorithms. Are there any additional thoughts for this draft? Is it desirable to list out all of the Key Exchange Method names in the https://www.ietf.org/assignments/ssh-parameters/ssh-parameters.xml table and their new state? Key Exchange Method Names Method Name Reference Note diffie-hellman-group-exchange-sha1 RFC4419 MUST NOT diffie-hellman-group-exchange-sha256 RFC4419 MAY diffie-hellman-group1-sha1 RFC4253 MUST NOT diffie-hellman-group14-sha1 RFC4253 MAY ecdh-sha2-nistp256 RFC5656 MUST ecdh-sha2-nistp384 RFC5656 MUST ecdh-sha2-nistp521 RFC5656 MUST ecdh-sha2-* RFC5656 Other curves are possible? ecmqv-sha2 RFC5656 MAY gss-gex-sha1-* RFC4462 MUST NOT gss-group1-sha1-* RFC4462 MUST NOT gss-group14-sha1-* RFC4462 MUST NOT gss-* RFC4462 MAY rsa1024-sha1 RFC4432 MUST NOT rsa2048-sha256 RFC4432 MAY diffie-hellman-group14-sha256 This Draft MAY diffie-hellman-group15-sha256 This Draft MUST diffie-hellman-group16-sha512 This Draft SHOULD diffie-hellman-group17-sha512 This Draft MAY diffie-hellman-group18-sha512 This Draft MAY Above I have moved all of the *sha1* exchange methods to MUST NOT with the exception of diffie-hellman-group14-sha1. Should that one also be moved to MUST NOT too? If we want to fix RFC4419 to pass q in addition to g,p so that we are able to use Lim/Lee primes for q and allow for run-time checking of a g being a generator of the q-ordered subgroup, does that need to be rolled into this draft too? What do we want to call this option for negotiation? Additional comments solicited on these topics. Thanks, -- Mark
- draft-baushke-ssh-dh-group-sha2-01 (was Re: DH gr… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Stephen Farrell
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… IWAMOTO Kouichi
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Simon Josefsson