IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [psg.com #460] IESG - Transport - Oakley



On Monday, June 14, 2004 13:22:18 +0200 Niels Möller <nisse%lysator.liu.se@localhost> wrote:

Jon Bright <jon%siliconcircus.com@localhost> writes:

Nonetheless, providing a hint to possibly-ill-informed implementors
about what should come first by default wouldn't be a bad thing?

Adding such a recommendation would not be the end of the world as we
know it, but it would be a useless bloat of the spec, imho. The
protocol specification should explain the details needed for
implementing the protocol, it's not the place for random advice on how
to best use and implement the protocol.

Actually, the protocol specification is a perfectly reasonable place for advice to implementors.

I think it should be fairly obvious that group14 is harder to crack
than group1, and that using group14 will consume more cpu cycles.

Well, that's the expectation I would have. But I don't agree it will be obvious to everyone.


In any case, I don't have any particular attachment to adding such a recommendation; I just tossed it out there as an idea.




BTW, about naming. The proposed naming is a little confusing:

  SSH name                      "Well known" name

  diffie-hellman-group1-sha1    Well known group 2     (RFC 2412)
                      ^                          ^
  diffie-hellman-group14-sha1   Well known group 14    (RFC 3516)

Yup.  I blame the people who named diffie-hellman-group1-sha1.



On the other hand,
it would be nice to be able to generalize

  diffie-hellman-groupXX-sha1   Well known group XX    (RFC 3516)

I was assuming it was pretty much agreed that this would be the appropriate solution. It does mean there's no name for the method which uses group 1, but somehow I suspect we don't care very much...


Oh, and for those reading who are confused...
- Groups 1-4 are defined in RFC2409 (IKE) and RFC2412 (Oakley).
 Groups 1 and 2 are MODP groups of size 768 and 1024 bits, and
 are defined identically in both places.
 Groups 3 and 4 are EC2N groups; they are _not_ defined identically
 in both places -- one of the two documents is in error, but I'm not
 awake enough to tell which.
- Groups 5 and 14-18 are defined in RFC3526 (not RFC2516).  They
 are MODP groups of increasing size, from 1536 to 8192 bits.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA




Home | Main Index | Thread Index | Old Index