On Tuesday, June 15, 2004 08:34:40 +1000 Damien Miller <djm%mindrot.org@localhost> wrote:
Nicolas Williams wrote:I don't think it's a practical problem now, no. But parametrizing the SSHv2 DH kex (diffie-hellman-group<N>-<hash>) shouldn't hold up publication as long as we quickly reach consensus on the meaning of <N> and <hash>.Throughout the protocol, all of these fields are names, not parameters. Parametising one but not all may give implemntors the idea that they have the ability to pick and choose (e.g. cipher key lengths). I think we should specify diffie-hellman-group1-sha1 (MUST), diffie-hellman-group14-sha1 (RECOMMENDED or MUST), perhaps recommend DH-GEX (ideally *in* the DH-GEX document when it is advanced) and leave it at that.
I still believe that recommending DH-GEX in the core document is better than doing so only in the DH-GEX document. People can claim to implement ssh without having ever _read_ the DH-GEX document.
Other than that, I'm inclined to agree. We should adopt the groupNN convention informally, but making it a formal parameter seems to invite implementors to interpret other names the same way.
At this point I don't think we have any disagreement that - we should specify diffie-hellman-group14-sha1 - it should be at least RECOMMENDED (I prefer REQUIRED; who objects?) - we should not specify other hashes at this time