Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

denis bider <ietf-ssh3@denisbider.com> Fri, 29 January 2016 06:57 UTC

Date: Wed, 27 Jan 2016 18:43:08 +0000
To: ietf-ssh@NetBSD.org, Niels Möller <nisse@lysator.liu.se>, Damien Miller <djm@mindrot.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Jeffrey Hutzelman <jhutz@cmu.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Jon Bright <jon@siliconcircus.com>, Simon Tatham <anakin@pobox.com>, "Mark D. Baushke" <mdb@juniper.net>

Hello Mark,

appreciated, and agreed.

Given these recommendations, we should consider what to do about hmac-sha2-384.

In RFC 6668, we mentioned it, but did not actually define it.

It seems that there is now a need to define hmac-sha2-384 formally. It has the advantage of 16 fewer bytes being used for MAC.

On the other hand, I'm not sure that there's a need for rsa-sha2-384. I don't see advantages compared to rsa-sha2-512, which the current draft defines