IETF-SSH archive
Re: [psg.com #460] IESG - Transport - Oakley
Hi Markus,
On Fri, 11 Jun 2004, Markus Friedl wrote:
> again, why change a deployed protocol?
What I'm trying to do is to get the wording right in these documents so
that
1) the documents reflect the deployed protocol and,
2) they address the nits posted by the IESG.
As we saw in the discussion about the "@", the IESG may be incorrect in
their views. In that case, we should make the document more clear to
minimize any confusion. In this case, I don't see that I'm making any
changes to the protocol. If I inadvertently do, please point it out and
I'll adjust it back.
>
> > However, at the time of this writing, those methods have not been
> > defined.
>
> I think vague comments like this should not be
> in the document. Just state that further groups
> might be defined in additional documents.
OK.
>
> On Thu, Jun 10, 2004 at 10:14:38PM -0400, Bill Sommerfeld wrote:
> > 8.1 diffie-hellman-group1-sha1
> >
> > The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key
> > exchange with SHA-1 as HASH, and Oakley Group 2 [RFC2409] (1024bit
> > MODP Group). At the time of this writing, this method MUST be
> > supported for interoperability as all of the known implementations
> > support it. The Working Group RECOMMENDS that implementations also
> > support the Oakley Group 14 [RFC3526] (2048bit MODP Group) method.
> > However, at the time of this writing, those methods have not been
> > defined. It is expected that this Working Group will produce a
> > document that defines this method for use in this protocol, so
> > readers should look carefully at documents produced by this Working
> > Group to see if other methods are required.
> >
> >
> > You can see the difference (htmlwdiff) from the prior version here:
> > http://www.employees.org/~lonvick/secsh-wg/june02/transport-17-18.html
> >
New proposal:
The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key
exchange with SHA-1 as HASH, and Oakley Group 2 [RFC2409] (1024bit
MODP Group). At the time of this writing, this method MUST be
supported for interoperability as all of the known implementations
support it. The Working Group RECOMMENDS that implementations also
support the Oakley Group 14 [RFC3526] (2048bit MODP Group) method
which is not defined in this document. Other groups may be defined
in additional documents.
Please comment on this.
Thanks,
Chris