Re: [psg.com #460] IESG - Transport - Oakley

To: Jon Bright <jon%siliconcircus.com@localhost>
Subject: Re: [psg.com #460] IESG - Transport - Oakley
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 14 Jun 2004 13:22:18 +0200

Jon Bright <jon%siliconcircus.com@localhost> writes:

> Nonetheless, providing a hint to possibly-ill-informed implementors
> about what should come first by default wouldn't be a bad thing?

Adding such a recommendation would not be the end of the world as we
know it, but it would be a useless bloat of the spec, imho. The
protocol specification should explain the details needed for
implementing the protocol, it's not the place for random advice on how
to best use and implement the protocol. For example we don't include a
long discussion on the pros and cons of aes vs des3, and I think it's
good that we don't do that.

I think it should be fairly obvious that group14 is harder to crack
than group1, and that using group14 will consume more cpu cycles. If
there's anybody who doesn't agree it's obvious, and who is willing to
write a *concise* and correct piece of text that says that group14 is
believed to be more secure than group1, then I won't strongly oppose
that such text is added to the spec. But I still think it's
unnecessary, and I certainly don't want to have to wait for such text
to materialize.

Defining the group and referring to RFC 3526 should be enough (it's a
little unfortunate that RFC 3526 doesn't include group two for
comparison).

BTW, about naming. The proposed naming is a little confusing:

  SSH name                      "Well known" name

  diffie-hellman-group1-sha1    Well known group 2     (RFC 2412)
                      ^                          ^
  diffie-hellman-group14-sha1   Well known group 14    (RFC 3516)
                      ^^                         ^^

On one hand, it would be a little more consistent to use
"diffie-hellman-group2-sha1" for oakley group 14 (meaning simply the
second fixed group defined for the ssh protocol). On the other hand,
it would be nice to be able to generalize

  diffie-hellman-groupXX-sha1   Well known group XX    (RFC 3516)

but then diffie-hellman-group1-sha1 would be a kind-of ugly exception.
I don't feel very strongly about this, though.

Regards,
/Niels

Follow-Ups:
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Jeffrey Hutzelman

References:
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Bill Sommerfeld
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Markus Friedl
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Chris Lonvick
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Nicolas Williams
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: der Mouse
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Niels Möller
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Damien Miller
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Jeffrey Hutzelman
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Niels Möller
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Jon Bright

Prev by Date: Re: [psg.com #460] IESG - Transport - Oakley
Next by Date: Re: [psg.com #460] IESG - Transport - Oakley
Previous by Thread: Re: [psg.com #460] IESG - Transport - Oakley
Next by Thread: Re: [psg.com #460] IESG - Transport - Oakley
Indexes:

Home | Main Index | Thread Index | Old Index