Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

Damien Miller <djm@mindrot.org> Wed, 27 January 2016 23:09 UTC

Date: Thu, 28 Jan 2016 10:08:40 +1100
From: Damien Miller <djm@mindrot.org>
To: "Mark D. Baushke" <mdb@juniper.net>
cc: ietf-ssh@NetBSD.org, Niels Möller <nisse@lysator.liu.se>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Jon Bright <jon@siliconcircus.com>, Simon Tatham <anakin@pobox.com>
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
In-Reply-To: <96437.1453915164@eng-mail01.juniper.net>
Message-ID: <alpine.BSO.2.20.1601281001560.1003@natsu.mindrot.org>
References: <95389.1452676866@eng-mail01.juniper.net> <96437.1453915164@eng-mail01.juniper.net>

On Wed, 27 Jan 2016, Mark D. Baushke wrote:

> Hi Folks,
> 
> > URL: https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2
> 
> I just noticed that the Information Assurance Directorate at the NSA has
> a new article on 'CNSA Suite and Quantum Computing FAQ' ... their URL is
> 
> https://www.iad.gov/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/cnsa-suite-and-quantum-computing-faq.cfm
> 
> Reading the document, they are mandating that NSS no longer use
> Diffie-Hellman with 2048-bit keys; instead they are suggesting
> IETF RFC 3526 (Groups 15-18).
> 
> They are also no longer interested in using SHA-256 wanting SHA-384.
> 
> For folks interested in compliance with the CNSA Suite, does it make
> sense for the baushke-ssh-dh-group-sha2 ID to be updated to specify
> either SHA-384 (or possibly SHA-512)?

I'd skip SHA-384 entirely in favour of SHA-512. Vendors who implement
Ed25519 will have a SHA512 implementation around anyway, whereas
~nobody uses SHA-384.

Also, I think it makes sense to reduce the number of groups offered.
OpenSSH is only offering 14 and 16 now, but might do 18 in the future.
We don't see any need for incremental steps between.

So my recommendation would be:

diffie-hellman-group1-sha1        NOT RECOMMENDED
diffie-hellman-group14-sha256     RECOMMENDED
diffie-hellman-group16-sha512     RECOMMENDED
diffie-hellman-group18-sha512     OPTIONAL

(but 16+256 & 18+512 would be fine too)

-d
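A defender-side audit built on the recommendation table in the message above (an added example, not part of the thread and not OpenSSH code): it parses a constructed `KexAlgorithms` line, classifies each fixed-group DH method against the table, and emits the line with NOT RECOMMENDED entries dropped. `KexAlgorithms` is the real OpenSSH keyword; the modulus sizes are the RFC 2409 / RFC 3526 group sizes; the sample value and the helper names are assumptions of this example.

```python
import re

# Recommendation table from the message, keyed by exact KEX method name.
RECOMMENDATION = {
    "diffie-hellman-group1-sha1": "NOT RECOMMENDED",
    "diffie-hellman-group14-sha256": "RECOMMENDED",
    "diffie-hellman-group16-sha512": "RECOMMENDED",
    "diffie-hellman-group18-sha512": "OPTIONAL",
}
# Modulus sizes: group1 is the 1024-bit Oakley group 2 (RFC 2409),
# groups 14-18 are the RFC 3526 MODP groups.
MODULUS_BITS = {1: 1024, 14: 2048, 15: 3072, 16: 4096, 17: 6144, 18: 8192}
HASH_BITS = {"sha1": 160, "sha256": 256, "sha384": 384, "sha512": 512}
FIXED_GROUP_RE = re.compile(r"^diffie-hellman-group(\d+)-(sha\d+)$")

def classify(name):
    """Status of one KEX name; methods outside the table's scope (ECDH,
    curve25519, group exchange) come back as NOT COVERED."""
    m = FIXED_GROUP_RE.match(name)
    if not m:
        return {"name": name, "status": "NOT COVERED"}
    group, hash_name = int(m.group(1)), m.group(2)
    return {"name": name,
            "status": RECOMMENDATION.get(name, "NOT IN TABLE"),
            "modulus_bits": MODULUS_BITS.get(group),
            "hash_bits": HASH_BITS.get(hash_name)}

def audit_kex_line(line):
    """Parse a plain 'KexAlgorithms a,b,c' line (OpenSSH's +/-/^ prefix
    forms are not handled) and return (classifications, hardened_line);
    the hardened line keeps order and drops only NOT RECOMMENDED entries."""
    keyword, _, value = line.strip().partition(" ")
    if keyword.lower() != "kexalgorithms":
        raise ValueError("not a KexAlgorithms line: %r" % line)
    results = [classify(n.strip()) for n in value.split(",") if n.strip()]
    kept = [r["name"] for r in results if r["status"] != "NOT RECOMMENDED"]
    return results, "KexAlgorithms " + ",".join(kept)

# Constructed sample line (not taken from any real host).
SAMPLE = ("KexAlgorithms curve25519-sha256,diffie-hellman-group1-sha1,"
          "diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,"
          "diffie-hellman-group-exchange-sha256")

if __name__ == "__main__":
    for r in audit_kex_line(SAMPLE)[0]:
        print("%-40s %s" % (r["name"], r["status"]))
    print(audit_kex_line(SAMPLE)[1])
```

Methods the table does not cover (curve25519, ECDH, group exchange) are passed through untouched, so the check only enforces what the message actually recommends.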