Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

"Mark D. Baushke" <mdb@juniper.net> Wed, 27 January 2016 17:19 UTC

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.18 as permitted sender)
To: ietf-ssh@NetBSD.org, Niels Möller <nisse@lysator.liu.se>, Damien Miller <djm@mindrot.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Jon Bright <jon@siliconcircus.com>, Simon Tatham <anakin@pobox.com>
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
In-Reply-To: <95389.1452676866@eng-mail01.juniper.net>
References: <95389.1452676866@eng-mail01.juniper.net>
Comments: In-reply-to: "Mark D. Baushke" <mdb@juniper.net> message dated "Wed, 13 Jan 2016 01:21:06 -0800."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Wed, 27 Jan 2016 09:19:24 -0800
Message-ID: <96437.1453915164@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jan 2016 17:19:34.2031 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.18]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0501MB1385
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Hi Folks,

> URL: https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2

I just noticed that the Information Assurance Directorate at the NSA has
a new article on 'CNSA Suite and Quantum Computing FAQ' ... their URL is

https://www.iad.gov/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/cnsa-suite-and-quantum-computing-faq.cfm

Reading the document, they are mandating that NSS no longer use
Diffie-Hellman with 2048-bit keys instead they are suggesting
IETF RFC 3526 (Groups 15-18).

They are also no longer interested in using SHA-256 wanting SHA-384.

For folks interested in compliance with the CNSA Suite, does it make
sense for the baushke-ssh-dh-gorup-sha2 ID to be updated to specify
either SHA-384 (or possibly SHA-512)?

That is change from this:

   Key Exchange Method Name          Note
   diffie-hellman-group1-sha1        NOT RECOMMENDED
   diffie-hellman-group14-sha256     RECOMMENDED
   diffie-hellman-group15-sha256     RECOMMENDED
   diffie-hellman-group16-sha256     OPTIONAL

to this:

   Key Exchange Method Name          Note
   diffie-hellman-group1-sha1        NOT RECOMMENDED
   diffie-hellman-group14-sha256     RECOMMENDED
   diffie-hellman-group15-sha384     RECOMMENDED
   diffie-hellman-group16-sha384     OPTIONAL
   diffie-hellman-group17-sha512     OPTIONAL
   diffie-hellman-group18-sha512     OPTIONAL

I am suggesting sha512 for group17 and group18 as a minor bit of
future-proffing and/or performance trade-off for sha512 hardware
acceleration that may exist.

Comments please?

	-- Mark

draft-baushke-ssh-dh-group-sha2-01 (was Re: DH gr… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Stephen Farrell
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… IWAMOTO Kouichi
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Peter Gutmann
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Mark D. Baushke
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Niels Möller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Damien Miller
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… denis bider
Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: D… Simon Josefsson