Re: DH group exchange (Re: SSH key algorithm updates)

"Mark D. Baushke" <mdb@juniper.net> Thu, 10 December 2015 15:43 UTC

To: Niels Möller <nisse@lysator.liu.se>
CC: Damien Miller <djm@mindrot.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "jon@siliconcircus.com" <jon@siliconcircus.com>
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
In-Reply-To: <nn37vamk6e.fsf@armitage.lysator.liu.se>
Comments: In-reply-to: Niels Möller <nisse@lysator.liu.se> message dated "Thu, 10 Dec 2015 15:51:05 +0100."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Thu, 10 Dec 2015 07:42:23 -0800
Message-ID: <83020.1449762143@eng-mail01.juniper.net>

I have posted draft-baushke-ssh-dh-group-sha2-00

URL:

  https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2/

to handle starting to remove diffie-hellman-group1-sha1 from the
REQUIRED list and adding group14, group15 and group16 using sha256 to
the RECOMMENDED, RECOMMENDED, OPTIONAL lists.

	-- Mark