IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: New IDs
Chris Lonvick wrote:
> http://www.employees.org/~lonvick/ssh/transport-16-18.html
Section 7.1 is seriously broken by these changes. The new text reads:
> The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key
> exchange with SHA-1 as HASH, and Oakley group 14 [RFC3526] (2048-bit
> MODP Group). It is included below in hexadecimal and decimal.
"diffie-hellman-group1-sha1" isn't rfc3526 group 14, it is rfc2904
group 2. This group represented by this name can't change without
breaking compatibility with every SSH2 implementation that uses it.
Worse, the changed wording doesn't even agree with the numeric group
immediately below it, which remains rfc2904/group2.
The right way to change would be to recommend the use of DH-GEX or
adopt Peter Gutmann's "diffie-hellman-groupN-sha1" proposal to make
a "diffie-hellman-group14-sha1" (though I'd prefer a shorter name,
while we are making changes).
To retain interoperability with the current installed base, support
for the current group would have to stay a MUST regardless.
-d
Home |
Main Index |
Thread Index |
Old Index