Re: [psg.com #460] IESG - Transport - Oakley

[Jeffrey Hutzelman <jhutz%cmu.edu@localhost>]

On Tuesday, June 15, 2004 11:21:31 -0500 Nicolas Williams 
<Nicolas.Williams%sun.com@localhost> wrote:


> Yes, but, I'd like the namespace reservation to be a bit more than just
> "in our minds" -- though we can't bind subsequent changes to SSHv2 to
> a group naming policy, we can certainly recommend one in the spec.

[TRANSPORT]

8.1 diffie-hellman-group1-sha1
  The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key
  exchange with SHA-1 as HASH, and Oakley Group 2 [RFC2409] (1024bit
  MODP Group).  This method MUST be supported for interoperability as all
  of the known implementations currently support it.  Note that, for
  historical reasons, this method is named using the phrase "group1"
  even though it specifies the use of Oakley Group 2.

8.2 diffie-hellman-group14-sha1

  The "diffie-hellman-group14-sha1" method specifies Diffie-Hellman key
  exchange with SHA-1 as HASH, and Oakley Group 14 [RFC3526] (2048bit
  MODP Group), and it MUST also be supported.


[NUMBERS]

4.3  Key Exchange Method Names

  ...

  Note that, for historical reasons, the name "diffie-hellman-group1-sha1"
  is used for a key exchange method using Oakley Group 2.  This is
  considered an aberration and should not be repeated.  Any future
  specifications of Diffie Hellman key exchange using Oakley groups
  defined in [RFC2412] or its successors should be named using the
  group numbers assigned by IANA, and names of the form
  "diffie-hellman-groupN-sha1" should be reserved for this purpose.