IETF-SSH archive

Re: [psg.com #460] IESG - Transport - Oakley



> By parameterizing, here, are we talking about something like
> 
> 	diffie-hellman-groupN-HASH is a valid method name for any N for
> 	which $REFERENCE defines a group, and any HASH for which
> 	<blah>.

Some seem to be implying this.

> or are we talking about
> 
> 	diffie-hellman-groupN-HASH is a method name; the first protocol
> 	packet contains the group number and the hash name ...

I haven't seen any indication that anyone was seriously suggesting
this; moreover, I believe this breaks group negotiation unless all
parties agree in advance to support all groups (which sort of defeats
the purpose) since you can't add parameters to the offered group.

> or are we talking about standardizing group14-sha1 and group1-sha1 and,
> in our own minds, reserving the rest of the diffie-hellman-group%d-%s
> namespace for future specification along similar lines?
> 
> My own impression has been that we've been doing the last of these, but
> now I'm not sure.

I believe consensus is congealing around this option.  Anyone who
believes otherwise should speak up ASAP.

> > we can use "group14" or "group2" now, but then after that we should
> > follow whichever convention in adding new groups.
> 
> ...for what it's worth, I prefer group14, with the group1/group2
> confusion grandfathered.  (If it were entirely up to me, I'd define
> group2 as the official name for the old one, with group1 as a
> deprecated equivalent for the sake of interoperability.)

I'm speculating that the ssh group 1 == ike group 2 confusion arose
from a desire to have a distinct group number space for the two
protocols.  If you're going to use the same groups at each bit size,
that makes no sense to me.

						- Bill
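
The third option discussed above, sketched as an added example (not part of the original message and not taken from any SSH implementation): each group/hash pair is its own fixed method name, so the ordinary name-list negotiation keeps working when new names are added. The negotiation rule is simplified to "first client name the server also lists", the bit sizes are the published MODP group sizes, and `diffie-hellman-group15-sha256` is a constructed name used only to stand for a future addition.

```python
import re

# Method names as fixed strings; "ike_group" records the numbering mismatch
# the thread mentions (SSH group 1 is IKE/Oakley group 2).
DEFINED = {
    "diffie-hellman-group1-sha1":  {"ike_group": 2,  "bits": 1024, "hash": "sha1"},
    "diffie-hellman-group14-sha1": {"ike_group": 14, "bits": 2048, "hash": "sha1"},
}

# The diffie-hellman-group%d-%s namespace reserved for later specifications.
NAMESPACE = re.compile(r"^diffie-hellman-group(\d+)-([a-z0-9]+)$")


def classify(name):
    """'defined' if specified, 'reserved' if only in the namespace, else 'other'."""
    if name in DEFINED:
        return "defined"
    return "reserved" if NAMESPACE.match(name) else "other"


def negotiate(client_names, server_names):
    """Simplified selection: first name on the client's list the server also offers."""
    offered = set(server_names)
    for name in client_names:
        if name in offered:
            return name
    return None  # no common method; the connection would fail


# Constructed sample offers. The client prefers a hypothetical future method.
CLIENT = ["diffie-hellman-group15-sha256",   # constructed name, not a defined method
          "diffie-hellman-group14-sha1",
          "diffie-hellman-group1-sha1"]
OLD_SERVER = ["diffie-hellman-group1-sha1"]
NEW_SERVER = ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]

if __name__ == "__main__":
    for label, server in (("old", OLD_SERVER), ("new", NEW_SERVER)):
        chosen = negotiate(CLIENT, server)
        print(label, "server ->", chosen, DEFINED.get(chosen))
```

An unknown name is skipped like any other unsupported list entry, which is what a group number carried in the first protocol packet could not offer.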


