Re: draft-rsa-dsa-sha2-256 posted

Damien Miller <djm@mindrot.org> Tue, 03 November 2015 05:06 UTC

Date: Tue, 03 Nov 2015 10:05:06 +1100
From: Damien Miller <djm@mindrot.org>
To: denis bider <ietf-ssh3@denisbider.com>
cc: ietf-ssh@netbsd.org, jhutz@cmu.edu, nisse@lysator.liu.se, stephen.farrell@cs.tcd.ie, mdb@juniper.net, jon@siliconcircus.com
Subject: Re: draft-rsa-dsa-sha2-256 posted
In-Reply-To: <1565779757-2044@skroderider.denisbider.com>
Message-ID: <alpine.BSO.2.20.1511030957150.9984@natsu.mindrot.org>
References: <1565779757-2044@skroderider.denisbider.com>

Hi,

Thanks for starting this discussion.

I'm against further use of DSA. Its weaknesses are well documented and
IMO we should deprecate it rather than attempting to renovate it.
The bit in your draft about deterministic k is nice, but it's not a
MUST and many developers will just do the expedient thing and use
whatever their crypto library provides.

You might want to specify rsa-sha512 too.

-d

On Mon, 2 Nov 2015, denis bider wrote:

> I have posted the draft at IETF. Info here:
> 
> 
> ----- Original Message -----
> 
> A new version of I-D, draft-rsa-dsa-sha2-256-00.txt
> has been successfully submitted by Denis Bider and posted to the
> IETF repository.
> 
> Name: draft-rsa-dsa-sha2-256
> Revision: 00
> Title: Use of RSA and DSA Keys with SHA-2 256 in Secure Shell (SSH)
> Document date: 2015-11-01
> Group: Individual Submission
> Pages: 6
> URL:            https://www.ietf.org/internet-drafts/draft-rsa-dsa-sha2-256-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-rsa-dsa-sha2-256/
> Htmlized:       https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-00
> 
> Abstract:
>   This memo defines algorithm names, public key formats, and signature
>   formats for use of RSA and DSA keys with SHA-2 256 for server and
>   client authentication in SSH connections.
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
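The deterministic k that Damien refers to is the RFC 6979 construction. The block below is an added example, not code from the thread or from any SSH implementation: it derives a DSA nonce from the private key and the message hash with HMAC_DRBG(SHA-256), so the same (key, message) pair always yields the same k and no system RNG is involved; the q and x values are the ones from RFC 6979 Appendix A.1, everything else is the Python standard library.

```python
import hashlib
import hmac

def bits2int(b: bytes, q: int) -> int:
    """Leftmost qlen bits of b as an integer (RFC 6979 section 2.3.2)."""
    v = int.from_bytes(b, "big")
    extra = len(b) * 8 - q.bit_length()
    return v >> extra if extra > 0 else v

def rfc6979_nonces(x: int, h1: bytes, q: int):
    """Yield candidate nonces k in [1, q-1] per RFC 6979 section 3.2.

    A signer takes the first k that gives r != 0 and s != 0; resuming the
    generator performs the step h.3 K/V update before the next candidate.
    """
    rolen = (q.bit_length() + 7) // 8
    # int2octets(x) || bits2octets(h1): both padded to the octet length of q
    seed = x.to_bytes(rolen, "big") + (bits2int(h1, q) % q).to_bytes(rolen, "big")
    V, K = b"\x01" * 32, b"\x00" * 32                     # steps b, c
    for tag in (b"\x00", b"\x01"):                        # steps d to g
        K = hmac.new(K, V + tag + seed, "sha256").digest()
        V = hmac.new(K, V, "sha256").digest()
    while True:                                           # step h
        T = b""
        while len(T) * 8 < q.bit_length():
            V = hmac.new(K, V, "sha256").digest()
            T += V
        k = bits2int(T, q)
        if 1 <= k < q:
            yield k
        K = hmac.new(K, V + b"\x00", "sha256").digest()
        V = hmac.new(K, V, "sha256").digest()

def deterministic_k(x: int, msg: bytes, q: int) -> int:
    """First usable RFC 6979 nonce for signing sha256(msg) under private key x."""
    return next(rfc6979_nonces(x, hashlib.sha256(msg).digest(), q))

# Subgroup order q and private key x from RFC 6979 Appendix A.1 (163-bit q).
Q_A1 = 0x4000000000000000000020108A2E0CC0D99F8A5EF
X_A1 = 0x09A4D6792295A7F730FC3F2B49CBC0F62E862272F

if __name__ == "__main__":
    k1 = deterministic_k(X_A1, b"sample", Q_A1)
    k2 = deterministic_k(X_A1, b"sample", Q_A1)
    print("same message, same k:", k1 == k2)
    print("k =", hex(k1))
```

A library that draws k from a weak or repeated random source gives a different, unauditable nonce each time; with this derivation a reviewer can check the signer against the RFC's published vectors.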