Re: [psg.com #460] IESG - Transport - Oakley

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: [psg.com #460] IESG - Transport - Oakley
From: der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>
Date: Mon, 14 Jun 2004 21:18:55 -0400 (EDT)

>>> But parametrizing the SSHv2 DH kex (diffie-hellman-group<N>-<hash>)
>>> shouldn't hold up publication as long as we quickly reach consensus
>>> on the meaning of <N> and <hash>.
>> Throughout the protocol, all of these fields are names, not
>> parameters.  Parametising one but not all may give implemntors the
>> idea that they have the ability to pick and choose (e.g. cipher key
>> lengths).
> They are names, but there's no reason that we can't parametrize names
> for the simple DH kex.  I see no reason why we couldn't let
> implementors pick and choose as long as there are required ones for
> interop.

By parameterizing, here, are we talking about something like

	diffie-hellman-groupN-HASH is a valid method name for any N for
	which $REFERENCE defines a group, and any HASH for which
	<blah>.

or are we talking about

	diffie-hellman-groupN-HASH is a method name; the first protocol
	packet contains the group number and the hash name ...

or are we talking about standardizing group14-sha1 and group1-sha1 and,
in our own minds, reserving the rest of the diffie-hellman-group%d-%s
namespace for future specification along similar lines?

My own impression has been that we've been doing the last of these, but
now I'm not sure.

For what it's worth, I agree with

>> I think we should specify diffie-hellman-group1-sha1 (MUST),
>> diffie-hellman-group14-sha1 (RECOMMENDED or MUST), perhaps recommend
>> DH-GEX (ideally *in* the DH-GEX document when it is advanced) and
>> leave it at that.

As for...

> we can use "group14" or "group2" now, but then after that we should
> follow the whichever convention in adding new groups.

...for what it's worth, I prefer group14, with the group1/group2
confusion grandfathered.  (If it were entirely up to me, I'd define
group2 as the official name for the old one, with group1 as a
deprecated equivalent for the sake of interoperability.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Nicolas Williams
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Jeffrey Hutzelman
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Bill Sommerfeld

References:
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Chris Lonvick
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Nicolas Williams
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: der Mouse
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Niels Möller
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Damien Miller
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Jeffrey Hutzelman
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Nicolas Williams
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Damien Miller
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Nicolas Williams
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Damien Miller
- Re: [psg.com #460] IESG - Transport - Oakley
  - From: Nicolas Williams

Prev by Date: Re: [psg.com #460] IESG - Transport - Oakley
Next by Date: Re: [psg.com #460] IESG - Transport - Oakley
Previous by Thread: Re: [psg.com #460] IESG - Transport - Oakley
Next by Thread: Re: [psg.com #460] IESG - Transport - Oakley
Indexes:

Home | Main Index | Thread Index | Old Index