IETF-SSH archive


Re: New IDs



Chris Lonvick wrote:
> http://www.employees.org/~lonvick/ssh/transport-16-18.html

Section 7.1 is seriously broken by these changes. The new text reads:

> The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key
>    exchange with SHA-1 as HASH, and Oakley group 14 [RFC3526] (2048-bit
>    MODP Group).  It is included below in hexadecimal and decimal.

"diffie-hellman-group1-sha1" isn't rfc3526 group 14, it is rfc2904
group 2. The group represented by this name can't change without
breaking compatibility with every SSH2 implementation that uses it.

Worse, the changed wording doesn't even agree with the numeric group
immediately below it, which remains rfc2904/group2.

The right way to change would be to recommend the use of DH-GEX or
adopt Peter Gutmann's "diffie-hellman-groupN-sha1" proposal to make
a "diffie-hellman-group14-sha1" (though I'd prefer a shorter name,
while we are making changes).

To retain interoperability with the current installed base, support
for the current group would have to stay a MUST regardless.

-d
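
The compatibility point in the message above, as an added example that is not part of the original post: two peers negotiate the same method name but bind it to different groups, and the shared secret K no longer matches. The table names and helper functions are hypothetical; the primes are rebuilt from the published closed-form definitions of the 1024-bit Oakley group 2 and the 2048-bit group 14, with generator 2.

```python
import secrets

def pi_scaled(bits, guard=64):
    """floor(pi * 2**bits), computed with Machin's formula in integers."""
    one = 1 << (bits + guard)
    def arctan_inv(x):
        total = term = one // x
        x2, n, sign = x * x, 3, -1
        while term:
            term //= x2
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (4 * (4 * arctan_inv(5) - arctan_inv(239))) >> guard

def oakley_prime(bits, offset):
    # p = 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + offset)
    return ((1 << bits) - (1 << (bits - 64)) - 1
            + ((pi_scaled(bits - 130) + offset) << 64))

NAME = "diffie-hellman-group1-sha1"
G = 2
GROUP2 = oakley_prime(1024, 129093)    # what deployed implementations use
GROUP14 = oakley_prime(2048, 124476)   # what the reworded text describes

# Hypothetical name-to-group tables for two kinds of implementation.
INSTALLED_BASE = {NAME: GROUP2}
REWORDED_DRAFT = {NAME: GROUP14}

def exchange(client_table, server_table, name=NAME):
    """Both sides agree on `name`; each then uses its own idea of the group."""
    pc, ps = client_table[name], server_table[name]
    x = secrets.randbelow(pc - 3) + 2   # client private exponent
    y = secrets.randbelow(ps - 3) + 2   # server private exponent
    e = pow(G, x, pc)                   # sent client -> server
    f = pow(G, y, ps)                   # sent server -> client
    return pow(f, x, pc), pow(e, y, ps) # (K at client, K at server)

def interoperates(client_table, server_table):
    k_client, k_server = exchange(client_table, server_table)
    return k_client == k_server

if __name__ == "__main__":
    print("old client, old server:", interoperates(INSTALLED_BASE, INSTALLED_BASE))
    print("new client, old server:", interoperates(REWORDED_DRAFT, INSTALLED_BASE))
    print("old client, new server:", interoperates(INSTALLED_BASE, REWORDED_DRAFT))
```

Negotiation succeeds in every case because the name matches; the failure only shows up afterwards, when the two sides derive different values of K and the exchange hash cannot verify.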


