Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
"Mark D. Baushke" <mdb@juniper.net> Fri, 12 February 2016 07:50 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33EAC1B413E for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Thu, 11 Feb 2016 23:50:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ja__P-RM7RV3 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Thu, 11 Feb 2016 23:50:02 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C1B81B413F for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Thu, 11 Feb 2016 23:50:01 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id 375A485EE1; Fri, 12 Feb 2016 07:49:59 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B69B385E70 for <ietf-ssh@NetBSD.org>; Fri, 12 Feb 2016 07:49:55 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id 2F0af_LhCMnJ for <ietf-ssh@netbsd.org>; Fri, 12 Feb 2016 07:49:55 +0000 (UTC)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0735.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc09::735]) by mail.netbsd.org (Postfix) with ESMTP id 1FCD485DFE for <ietf-ssh@NetBSD.org>; Fri, 12 Feb 2016 07:49:51 +0000 (UTC)
Received: from BLUPR05CA0043.namprd05.prod.outlook.com (10.141.20.13) by BN1PR05MB057.namprd05.prod.outlook.com (10.255.202.139) with Microsoft SMTP Server (TLS) id 15.1.396.15; Fri, 12 Feb 2016 07:49:48 +0000
Received: from BL2FFO11FD018.protection.gbl (2a01:111:f400:7c09::111) by BLUPR05CA0043.outlook.office365.com (2a01:111:e400:855::13) with Microsoft SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Fri, 12 Feb 2016 07:49:49 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.18) smtp.mailfrom=juniper.net; cs.auckland.ac.nz; dkim=none (message not signed) header.d=none;cs.auckland.ac.nz; dmarc=none action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.18) by BL2FFO11FD018.mail.protection.outlook.com (10.173.161.36) with Microsoft SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Fri, 12 Feb 2016 07:49:48 +0000
Received: from magenta.juniper.net (172.17.27.123) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 11 Feb 2016 23:49:44 -0800
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by magenta.juniper.net (8.11.3/8.11.3) with ESMTP id u1C7nhD92674; Thu, 11 Feb 2016 23:49:43 -0800 (PST) (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id 380E911821; Thu, 11 Feb 2016 23:49:42 -0800 (PST)
To: denis bider <ietf-ssh3@denisbider.com>
CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, ietf-ssh@NetBSD.org
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
In-Reply-To: <99035674-2196@skroderider.denisbider.com>
References: <99035674-2196@skroderider.denisbider.com>
Comments: In-reply-to: denis bider <ietf-ssh3@denisbider.com> message dated "Fri, 12 Feb 2016 07:22:53 +0000."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Thu, 11 Feb 2016 23:49:42 -0800
Message-ID: <24239.1455263382@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD018; 1:WEncRB6xIILofmURDslEz2upeYvohsoDYp6DHO7EG69Z7mO2/XR40NnGYoOlv3lASkWR1zxfoYM2Mrl8q6gLswbQz+JWMh+C6qnz4jZPOZjfTH01/q+R1V0so8mLC0P/LO5/n6k0PJNvEzqe2asLrQd5QJvN0ivBEDbPV24va32G355jhVcyXlX17b2mybRIePZ4QXZ7hRhxOx8QOBBB6zoUyughEeXRjAYJtWXx73yWAjW1ItAn+KWVPXR94I4hawTbGN63cuyMJ57ucmnSizd1KAt6JSimMgaWz23uDYQCmy0Pbwr59JxQUk1xdquDWnlGmw9Q2YYD9X69IxWcwwLytyAzv2ExFJoKFAMjVUZqYd1DjMwtp3gM1avGVy8J5Ub4+/ibptEfQ8g1aNh4vR77ajGdB19NhiFLeNogUnU=
X-Forefront-Antispam-Report: CIP:66.129.239.18; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(2980300002)(199003)(189002)(51744003)(87936001)(77096005)(15975445007)(5003600100002)(189998001)(53416004)(86362001)(47776003)(2950100001)(110136002)(5001960100002)(117636001)(586003)(1096002)(5003940100001)(1220700001)(4326007)(2906002)(2810700001)(19580395003)(50466002)(48376002)(230783001)(92566002)(6806005)(54356999)(76176999)(105596002)(106466001)(76506005)(50986999)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR05MB057; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; MLV:sfv; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB057; 2:ymL//J/AHOM2CdAdo6ZSVRHt/lRktJp2IIiY6h0qJE0ZSJwb1MQhLj6d1fVjC1qrTFAtxi9JBoruLVz30UkGoHxJ/jRdsBLl2zVPK8ZEdeXXXKOfvwrUgEN8bbQwWFMnCPm1hmRovoBMx6lKepRMJA==; 3:5Qeyurqk30TiV0dnJmO4o6OrieOvZEOAAhhuTir28IiKwo1AFHbia6d5Z9QD66TY3XfuTroTzF0maJ6AO898GU8RZ3UvGwhkqK7R1IPWiJzkAiNnSXj4nQI2/8LDgCabWNbT3qNkhAO2aW6e7Is2a3S9iif4cLxxc1me3Bp8SO2jolZFgGtActawFIHH1cKKBNUl2p+1czvvh7ZVnK6AfyBDxDAP0rg3Bc3p3pOQagc=; 25:yhQ+N5VR8/PzzzvW5dJaVtdarikN12BfjXoyxD53Q22z1P0mr5ry7SVP6hQ1BR6lK5M5uILLzqfl3QcChgy3YDQ/NnUE6QdI2sJdF8eNyRgOvgdEZE6fPSkkUe/ZzMpFGWouNs/CnOP28G2mgACrMV4kawHCNZD8qI8dvL1vMA3rwfeXv6hPEk2faiJzzkkrCf2yrRDiX7N44rWev2jiBfMkGOt6ve3IImpVhwHzH8h3awe73s98ErkMgLSQOUdr8IPijH4Q0OZUoIeFxckOUJ9taP1mYkOAWGR8YKhWjB/DYRIr5LTd8VUWXDRW0DLl
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR05MB057;
X-MS-Office365-Filtering-Correlation-Id: 971a5dfd-5f8c-4c14-63c3-08d3338114e7
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB057; 20:r6rDjdrc3FvZGOWabD96C+IXzKcmp/R0f/PpdmGxXiI7DEuBKH0xS5UhSmYRZUtkJYCS3BpHV7/LJYIQOhSBBrtIZErR5owZHrsZH7prj3+2tXUs0kmVyiftMZUWppkjqGqQD5dPzbJV1sMEr2wX3M51fCQerwUekfW2y6hcx2NhF2l1wa5LUuzkcJh3bIbYqR+ey++y5nSIy0Lxy06IZpPBvMBVE0nFM+uchQXP9ZLhQ5ZZ4We6T/FY+zPLwmPD756O+YKLHr7O1YSw3Mm0WRyMa5UH8vXZfjW0q2IXqYGTF8CFQzVaSgNRaQ9BEDDEPMIj6/XDl+BwFDMgsHQ9wu7if/QitXSbyPvmFj7X28hhU42wZz2RPYNUTD02yhBx1A+wk4WWda7uNrwyi2Ffmh2f9S8eTtsXZrquHXGigIDoSi0SFIqwT4Sfhj+Nhepsdcq1siqh0cjO0bqmb9XZ7qLk/F6poQqPiew+wot2TFJsPcePaDnRQuSbNAc/1pqR
X-Microsoft-Antispam-PRVS: <BN1PR05MB057E2498A37FA665F7B36CBBFA90@BN1PR05MB057.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(13017025)(13018025)(8121501046)(5005006)(13023025)(13015025)(13024025)(10201501046)(3002001); SRVR:BN1PR05MB057; BCL:0; PCL:0; RULEID:; SRVR:BN1PR05MB057;
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB057; 4:cJ8/Dvx1RaVHyS6XF579hxknRyAkKaHTQ/gFQCEi/clJEpPKrhgD2PWvKbn9POPME6oXsgH9ugA3Y8JSMm3SzLQelP1Lj00RdGGPRIW0BybsJySC1a7isKkJwsck8wNq7kqwF4RzIVaM98NQDNNEww0pKvjy/Y7kHMjulU61iBWgkCM72Eos+88f8l+85OepCt75jKM+jypN5RLVqI03XTfPcPliapmktfgjY/R0aVyQaDYyP+jwPOk56Uge9XqmB7RtyV8CKmEJL6l6poNHDS/xeb/Cq6KUfluRIAwTZTba1dLym4/+RdLv00PDXoeMV2d/A8S0uSTm8KAyNQfKStUAlOaCWiLb9e0ku7ToaTpMBYZENX20RniLhT0pa924QPNFLvBnzVV/Cxo+d1OlxZLivO7wb+t2d5mfI0VWNKsLcD0DBBnnFVHo2phCEEuJSzj69zguA9YQZpokKhiCew==
X-Forefront-PRVS: 0850800A29
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB057; 23:r4HLImRJcwhCP1iJFLKDo6d6AB+Z82wx/bwGnLLg74cZaEtTFLT0k9DaC7UVunbCkhSJhz5PT/Q3zhgr90TFVYelBPaphtKUF1y1yCAkTyx7jj0pdC0b9zNLhmUDxhmGcMb8JbT1+12GPzTffzUmRD/CaCVg4nWAUa9KFemJPh1Evq9Xxu0TZq7afq58o1aR8GDX6RX0nxjFkOJVCqHmJQOU8TV+k5RZPyEOJpr9j/Bx/jgNHEYxifcqs++rsq5dyqEdc8MuJ2KIqh9aGx9/PKBIOzC+ddg5Ee3RjAJe0ZqwcsESSPMLzbzhVH6xNCRfmHeb7j0DCy6JgPF/FSkfhrn5Rfrdqxm7FGYdStxBSTEGdl3ibBSCEu8zhTvZyBRBUlqWywGmJBQWquHpfChLvm9R+GkNaASHin0mfw2eVzPfo2QOZlBM/GihpLXF8Q3PfbiIwpJo9fezP1cbPdJaWmyqPQSMRK4dFR5ohD2nQCvHCs9rJ6pZqCD6s4e4ZwUUxEPzR0HtPkHp7VpikjgDybUCnqAJQ+7D+wKtfpgWMCha3W1rx7BiadOLlDKyW5ghc0PCc8oXiWi6vzLLm34G5J9UiyZgREh9MDchJUcUfwJqk7ieWH30ixsgEUPEjKEHKd6/qE1tcJIUsd0PpMADApmCf6QpWW2WCsLUhw8QtqhA+8ezLNFXNq0WFP5Udn/adXxOlSgAqDZ147I4vyIKRviQZENgzvlJKpuczaZah1UsXZpKgj1pzim3vrrkZHE/HaCbpR66NJmsg0NeKdmKiB0NQRf5DnygmkSyi1nekPp0mng6qwvXu30O3kKU5En7TrzNVctmFlI8DuAW4NdZZXd+6+W9d8vMud17FDwLfkodDzSEUB2OXBen6mrQ3D/m/PXEDf2B0HqNATHKWzgCfD6CsPOJVYqChjXUc9uSKvy4g458Dlsj/mF7zoJI4JP3vs6LvrtaxOOx5fLP2Nb3beBfMf4h4uexOpn9y4xdl0g=
X-Microsoft-Exchange-Diagnostics: 1; BN1PR05MB057; 5:MI7vMdxx0Hya3DjEI2H31p/7EiRQureFQfn2sI/8kYrmpVrRKqgxh3rNi9HHNOU9iaZge2WhpDX0DPwZQwIz6HY5ZbrIYEu/8Kf5cLWi6siRbXw7ai4XCX3vBOZ1m6XrdggOAV3d0CkVxiijCcbzCQ==; 24:/7CZSxp9RaggsDQVnPUVL0v/h8+FiAdHqneAXhsgQ8CnpAN39ilNWfI5Xs5D5gCi1l5GEql6IiZClCS99WJmpqE6d0x1fkK+p8GA0t7pZqM=
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Feb 2016 07:49:48.0134 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR05MB057
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
Hi denis, Two questions: a) Should the draft list all of the Key Exchange Method Names in the https://www.ietf.org/assignments/ssh-parameters/ssh-parameters.xml table? If so, does the following capture the desired state? Key Exchange Method Name Reference Note diffie-hellman-group-exchange-sha1 RFC4419 NOT RECOMMENDED diffie-hellman-group-exchange-sha256 RFC4419 OPTIONAL diffie-hellman-group1-sha1 RFC4253 NOT RECOMMENDED diffie-hellman-group14-sha1 RFC4253 OPTIONAL ecdh-sha2-nistp256 RFC5656 REQUIRED ecdh-sha2-nistp384 RFC5656 REQUIRED ecdh-sha2-nistp521 RFC5656 REQUIRED ecdh-sha2-* RFC5656 OPTIONAL ecmqv-sha2 RFC5656 OPTIONAL gss-gex-sha1-* RFC4462 NOT RECOMMENDED gss-group1-sha1-* RFC4462 NOT RECOMMENDED gss-group14-sha1-* RFC4462 NOT RECOMMENDED gss-* RFC4462 OPTIONAL rsa1024-sha1 RFC4432 NOT RECOMMENDED rsa2048-sha256 RFC4432 OPTIONAL diffie-hellman-group14-sha256 This Draft OPTIONAL diffie-hellman-group15-sha256 This Draft REQUIRED diffie-hellman-group16-sha512 This Draft RECOMMENDED diffie-hellman-group17-sha512 This Draft OPTIONAL diffie-hellman-group18-sha512 This Draft OPTIONAL Note: I do not know of any rsa2048-sha256 implementations from RFC4432, I suspect at least someone is using it or it would not be in RFC4432, who is using it? A similar question for gss-* and RFC4462 comes to mind as well. b) Is it desirable to specify all of group 14, 15, 16, 17, and 18 as to the hashing algorithm to be used NOW? Or, is it better to drop 15 and 17 for now? If so, is it desirable for group14-sha256 to be REQUIRED, RECOMMENDED, or OPTIONAL ? diffie-hellman-group14-sha256 This Draft RECOMMENDED diffie-hellman-group16-sha512 This Draft RECOMMENDED diffie-hellman-group18-sha512 This Draft OPTIONAL Thank you for your consideration. -- Mark
- draft-baushke-ssh-dh-group-sha2-01 (was Re: DH gr… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Stephen Farrell
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… IWAMOTO Kouichi
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Simon Josefsson