IETF-SSH archive


Re: [psg.com #460] IESG - Transport - Oakley



Hi,

I'd argue for text more like this:

-----
As stated in Section 7.1 of [TRANS], each device will send a list of
methods for key exchange.  The most-preferred method is the first
in the list.  Implementations are free to determine their default
preferences based upon relative cryptographic security, performance
or other criteria.  If only the two methods defined in Section 8.1 of
[TRANS] are implemented, it is RECOMMENDED that
diffie-hellman-group14-sha1 be listed before
diffie-hellman-group1-sha1 in the kex list.
----

Where this text belongs is a different question - [ARCH] is probably wrong, in my opinion. This seems more like an issue for the Security Considerations section of [TRANS]. The text above would obviously need reformatting if it were moved there.

--
Jon Bright
Silicon Circus Ltd.
http://www.siliconcircus.com
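
The effect of the ordering proposed in the message above, as an added example (not part of the original message and not code from any SSH implementation). It assumes a simplified negotiation rule, "the first method on the client's list that the server also lists", and leaves out the host-key capability conditions and guessed packets of Section 7.1 of [TRANS]; the function names and sample lists are constructed for illustration.

```python
import struct

GROUP14 = "diffie-hellman-group14-sha1"
GROUP1 = "diffie-hellman-group1-sha1"


def encode_name_list(names):
    """Encode an SSH name-list: uint32 length, then comma-separated names."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body


def decode_name_list(buf):
    """Decode one name-list from the start of buf; reject truncated input."""
    if len(buf) < 4:
        raise ValueError("truncated name-list length")
    (length,) = struct.unpack(">I", buf[:4])
    body = buf[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated name-list body")
    return body.decode("ascii").split(",") if body else []


def negotiate_kex(client_list, server_list):
    """Simplified rule (assumption): first client method the server also lists."""
    for name in client_list:
        if name in server_list:
            return name
    return None  # no method in common


def group14_listed_first(kex_list):
    """True/False when both methods are listed; None when the text does not apply."""
    if GROUP14 not in kex_list or GROUP1 not in kex_list:
        return None
    return kex_list.index(GROUP14) < kex_list.index(GROUP1)


if __name__ == "__main__":
    # Constructed kex lists, round-tripped through the wire encoding.
    server = decode_name_list(encode_name_list([GROUP14, GROUP1]))
    for client in ([GROUP14, GROUP1], [GROUP1, GROUP14]):
        print("client order:", client)
        print("  follows recommendation:", group14_listed_first(client))
        print("  negotiated:", negotiate_kex(client, server))
```

Under this rule a client that lists diffie-hellman-group1-sha1 first ends up using it even when the server prefers diffie-hellman-group14-sha1, which is why the recommended ordering matters on the client side in particular.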


