Re: DH group exchange (Re: SSH key algorithm updates)

"Mark D. Baushke" <mdb@juniper.net> Mon, 09 November 2015 05:28 UTC

To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
CC: denis bider <ietf-ssh3@denisbider.com>, Jeffrey Hutzelman <jhutz@cmu.edu>, Niels Möller <nisse@lysator.liu.se>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>, "jon@siliconcircus.com" <jon@siliconcircus.com>
Subject: Re: DH group exchange (Re: SSH key algorithm updates)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B5A9BC@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4B5993D@uxcn10-5.UoA.auckland.ac.nz>, <2096379125-720@skroderider.denisbider.com> <9A043F3CF02CD34C8E74AC1594475C73F4B599ED@uxcn10-5.UoA.auckland.ac.nz>, <55190.1447001241@eng-mail01.juniper.net> <9A043F3CF02CD34C8E74AC1594475C73F4B5A9BC@uxcn10-5.UoA.auckland.ac.nz>
Comments: In-reply-to: Peter Gutmann <pgut001@cs.auckland.ac.nz> message dated "Mon, 09 Nov 2015 00:46:54 +0000."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.5; nmh 1.2; GNU Emacs 24.3.1
Date: Sun, 08 Nov 2015 21:28:01 -0800
Message-ID: <35800.1447046881@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Hi Peter,

Peter Gutmann <pgut001@cs.auckland.ac.nz> writes:

> mdb@juniper.net <mdb@juniper.net> writes:
> 
> >That said, I do not find any FIPS or NIST documents talking about
> >Lim-Lee primes for use in FIPS certified systems.
> 
> Sure, because it post-dates the original NIST docs that specified the
> keygen.

I am under the impression that Lim-Lee published their paper, "A key
recovery attack on discrete log-based schemes using a prime order
subgroup", in 1997.

  FIPS 186   was published in 1994.
  FIPS 186-1 was published in December 1998.
  FIPS 186-2 was published in January 2000.
  FIPS 186-3 was published in June 2009.
  FIPS 186-4 was published in July 2013.

So, in the last four editions of FIPS 186, the Lim and Lee algorithm
has not been mentioned... I would have thought they might mention
generation of q in subsequent publications, but I only really ever had
to deal with FIPS 186-2, FIPS 186-3 and FIPS 186-4 myself.

> The idea is that if you need FIPS validation you use the NIST
> generation method, if you don't, you use any method that works, one
> obvious example being Lim-Lee (same result but much quicker because
> you're generating lots of small primes, particularly useful if you
> want to generate a new DH parameter set on each handshake).

Yup, a FIPS compliant system needs to generate new FFC Domain Parameters
for Diffie-Hellman using the method described in FIPS 186-4. A non-FIPS
compliant system would be free to use Lim-Lee if they desired.

It is possible to generate the values outside of the crypto boundary, in
which case only validation needs to be performed, but that does not
really live up to the expectations of RFC 4419, which wants to be
generating new DH parameters for each connection, or at least be able to
randomly select a set of parameters that have been calculated in the
short term rather than the long term.

> Since the verification process for both 186 and Lim-Lee generated
> values is identical, you can verify the keys either way. So the spec
> would cover both NIST and non-NIST options at the same time, depending
> on implementer preference.

So, the RFC 4419bis would include both parameter generation techniques
as well as coming up with a better generator g that would always pass
for a non-FIPS compliant application talking to a FIPS compliant
application? That seems reasonable to me.

	-- Mark
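The point the thread turns on is that a receiver validates (p, q, g) the same way regardless of whether the sender built p with the Lim-Lee construction or with a FIPS 186-4 style cofactor. The following worked example is added here for illustration; it is not code from this thread, from OpenSSH, or from any FIPS-validated module. It builds a prime q, derives p from it both ways (a Lim-Lee product of equal-sized primes, and a p = 2qx + 1 random-cofactor shape, which matches the p ≡ 1 mod 2q form of the FIPS 186-4 probable-prime routine but omits that standard's seeded hashing), picks a generator of order q, and then runs one shared validation routine over the result. It also includes the peer-public-value check that defeats the small-subgroup key-recovery attack of the Lim-Lee paper. All function names and the demo sizes (128-bit q, roughly 512-bit p) are this example's own choices; a production group exchange would use far larger parameters.

```python
"""Finite-field DH domain parameters built two ways and checked by one
validator. Example code written for this discussion, not the list's or any
project's code; parameter sizes are demo-sized and chosen for speed."""
import itertools
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases, after cheap trial division."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for sp in SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random odd prime of exactly `bits` bits (top bit forced on)."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def lim_lee_prime(q: int, k: int) -> int:
    """Lim-Lee construction: p = 2 * q * q_2 * ... * q_k + 1 where every q_i is
    a prime as large as q, so (p-1)/2 has no small prime factor at all.
    Candidates are assembled from a pool of primes, so the repeated work is the
    cheap product step rather than fresh prime generation each try."""
    bits = q.bit_length()
    while True:
        pool = [random_prime(bits) for _ in range(16)]
        for combo in itertools.combinations(pool, k - 1):
            p = 2 * q
            for factor in combo:
                p *= factor
            p += 1
            if is_probable_prime(p):
                return p


def cofactor_prime(q: int, p_bits: int) -> int:
    """p = 2*q*x + 1 for a random cofactor x chosen so p has exactly p_bits
    bits: the p == 1 (mod 2q) shape FIPS 186-4's probable-prime routine
    produces (without that standard's seeded hashing, which is omitted here)."""
    lo = (1 << (p_bits - 1)) // (2 * q) + 1
    hi = ((1 << p_bits) - 2) // (2 * q)
    while True:
        x = lo + secrets.randbelow(hi - lo + 1)
        p = 2 * q * x + 1
        if is_probable_prime(p):
            return p


def find_generator(p: int, q: int) -> int:
    """g = h^((p-1)/q) mod p for random h; any value other than 1 has order q."""
    e = (p - 1) // q
    while True:
        h = 2 + secrets.randbelow(p - 3)
        g = pow(h, e, p)
        if g != 1:
            return g


def smallest_cofactor_factor(p: int, q: int, bound: int = 1 << 16):
    """Smallest odd prime factor of (p-1)/(2q) below `bound`, or None. Lim-Lee
    primes always give None; random cofactors usually do not."""
    c = (p - 1) // (2 * q)
    f = 3
    while f < bound and f * f <= c:
        if c % f == 0:
            return f
        f += 2
    return None


def validate_params(p: int, q: int, g: int, min_p_bits: int = 0) -> list:
    """The checks a receiver runs on any (p, q, g), however it was generated.
    Returns the list of failed checks; an empty list means accepted."""
    failures = []
    if p.bit_length() < min_p_bits:
        failures.append("p too small")
    if not is_probable_prime(p):
        failures.append("p not prime")
    if not is_probable_prime(q):
        failures.append("q not prime")
    if (p - 1) % q != 0:
        failures.append("q does not divide p-1")
    if not 1 < g < p - 1:
        failures.append("g out of range")
    elif pow(g, q, p) != 1:
        failures.append("g does not have order q")
    return failures


def valid_peer_value(y: int, p: int, q: int) -> bool:
    """Subgroup-membership check on a peer's public value: this is what stops
    the small-subgroup key recovery described by Lim and Lee, whichever way p
    was built."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


if __name__ == "__main__":
    q = random_prime(128)
    for name, p in (("Lim-Lee", lim_lee_prime(q, 4)),
                    ("random cofactor", cofactor_prime(q, 512))):
        g = find_generator(p, q)
        print(f"{name}: p is {p.bit_length()} bits, failed checks: "
              f"{validate_params(p, q, g) or 'none'}, smallest small factor "
              f"of (p-1)/2q: {smallest_cofactor_factor(p, q)}")
```

The validator deliberately knows nothing about how p was produced: both constructions yield p ≡ 1 (mod 2q) with a prime q and a g of order q, which is all a receiver can and should check. What differs is the cofactor, and `smallest_cofactor_factor` shows that difference: the Lim-Lee prime has none below the bound, while the random-cofactor prime typically does, which is exactly why `valid_peer_value` belongs in a receiver even when the sender claims Lim-Lee parameters.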