Re: [psg.com #460] IESG - Transport - Oakley

[Bill Sommerfeld <sommerfeld%sun.com@localhost>]

This message got caught in a filter at netbsd due to a false positive
keyword hit.  sorry for the delay in forwarding this..

Date: Wed, 9 Jun 2004 09:57:30 -0700 (PDT)
From: Chris Lonvick <clonvick%cisco.com@localhost>
To: ietf-ssh%NetBSD.org@localhost
cc: rt+secsh%rt.psg.com@localhost
Subject: Re: [psg.com #460] IESG - Transport - Oakley
In-Reply-To: <rt-3.0.9-460-1960.11.5934861296625%psg.com@localhost>
Message-ID: <Pine.HPX.4.58.0406090946300.12405%edison.cisco.com@localhost>
References: <rt-3.0.9-460-1960.11.5934861296625%psg.com@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hi Folks,

This is the issue we were discussing a few weeks ago about the Oakley
groups.  The recommendation at the time was to
- reference the proper RFC for Oakley Group 2
- delete the actual value of the prime from the document
- state that other works will be forthcoming for better Groups.

I made an effort to capture it this way:


8.1  diffie-hellman-group1-sha1

   The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key
   exchange with SHA-1 as HASH, and Oakley Group 2 [RFC2409] (1024bit
   MODP Group).  At the time of this writing, this method MUST be
   supported for interoperability as all of the known implementations
   support it.  The Working Group RECOMMENDS that implementations also
   support the Oakley Group 14 [RFC3526] (2048bit MODP Group) method.
   However, at the time of this writing, those methods have not been
   defined.  It is expected that this Working Group will produce a
   document that defines this method for use in this protocol, so
   readers should look carefully at documents produced by this Working
   Group to see if other methods are required.


You can see the difference (htmlwdiff) from the prior version here:
  http://www.employees.org/~lonvick/secsh-wg/june02/transport-17-18.html

Can I get some feedback on this?

Thanks,
Chris