IETF-SSH archive


Re: [psg.com #460] IESG - Transport - Oakley



Jon Bright <jon%siliconcircus.com@localhost> writes:

> Nonetheless, providing a hint to possibly-ill-informed implementors
> about what should come first by default wouldn't be a bad thing?

Adding such a recommendation would not be the end of the world as we
know it, but it would be a useless bloat of the spec, imho. The
protocol specification should explain the details needed for
implementing the protocol, it's not the place for random advice on how
to best use and implement the protocol. For example we don't include a
long discussion on the pros and cons of aes vs des3, and I think it's
good that we don't do that.

I think it should be fairly obvious that group14 is harder to crack
than group1, and that using group14 will consume more cpu cycles. If
there's anybody who doesn't agree it's obvious, and who is willing to
write a *concise* and correct piece of text that says that group14 is
believed to be more secure than group1, then I won't strongly oppose
that such text is added to the spec. But I still think it's
unnecessary, and I certainly don't want to have to wait for such text
to materialize.

Defining the group and referring to RFC 3526 should be enough (it's a
little unfortunate that RFC 3526 doesn't include group two for
comparison).

BTW, about naming. The proposed naming is a little confusing:

  SSH name                      "Well known" name
  
  diffie-hellman-group1-sha1    Well known group 2     (RFC 2412)
                      ^                          ^
  diffie-hellman-group14-sha1   Well known group 14    (RFC 3516)
                      ^^                         ^^

On one hand, it would be a little more consistent to use
"diffie-hellman-group2-sha1" for oakley group 14 (meaning simply the
second fixed group defined for the ssh protocol). On the other hand,
it would be nice to be able to generalize

  diffie-hellman-groupXX-sha1   Well known group XX    (RFC 3516)

but then diffie-hellman-group1-sha1 would be a kind-of ugly exception.
I don't feel very strongly about this, though.

Regards,
/Niels
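
The effect of list order discussed in this thread, as an added example that is not part of the original message or of any SSH implementation. It assumes the simplified selection rule "first name on the client's list that the server also offers" (host-key compatibility conditions ignored); the helper names and the sample preference lists are constructed for illustration.

```python
# SSH kex name -> (Oakley "well known" group number, modulus size in bits).
# Note the naming mismatch: SSH "group1" is Oakley group 2.
KEX_GROUPS = {
    "diffie-hellman-group1-sha1": (2, 1024),    # RFC 2412, group 2
    "diffie-hellman-group14-sha1": (14, 2048),  # RFC 3526, group 14
}


def negotiate_kex(client_prefs, server_prefs):
    """Return the first name on the client's list that the server also offers.

    Simplified rule (assumption): host-key compatibility is not considered.
    Returns None when the two lists share no algorithm.
    """
    offered = set(server_prefs)
    for name in client_prefs:
        if name in offered:
            return name
    return None


def audit_order(prefs):
    """List (earlier, later) pairs where a smaller group outranks a larger one."""
    known = [n for n in prefs if n in KEX_GROUPS]
    findings = []
    for i, earlier in enumerate(known):
        for later in known[i + 1:]:
            if KEX_GROUPS[earlier][1] < KEX_GROUPS[later][1]:
                findings.append((earlier, later))
    return findings


if __name__ == "__main__":
    # Constructed preference lists: same server, two client orderings.
    server = ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]
    clients = (
        ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
        ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    )
    for client in clients:
        chosen = negotiate_kex(client, server)
        group, bits = KEX_GROUPS[chosen]
        print(f"{chosen} -> Oakley group {group} ({bits}-bit)",
              "findings:", audit_order(client))
```

With both names supported on both sides, the server's order does not change the result under this rule; only the client's order does.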


