IETF-SSH archive


Re: [psg.com #460] IESG - Transport - Oakley - new proposal



Hi,

On Tue, 22 Jun 2004, Niels Möller wrote:

> Chris Lonvick <clonvick%cisco.com@localhost> writes:
>
> > The proposed new section in [ARCH] will say:
> >
> >    As stated in Section 7.1 of [TRANS], each device will send a list of
> >    preferred methods for key exchange.  The most-preferred method is the
> >    first in the list.  Implementations are free to determine their default
> >    preferences based upon relative cryptographic security, performance
> >    or other criteria.  If only the two methods defined in Section 8 of
> >    [TRANS] are implemented, it is RECOMMENDED that
> >    diffie-hellman-group14-sha1 be listed before
> >    diffie-hellman-group1-sha1 in the kex list.
>
> I can accept this writing, but I would still prefer that it either be
> deleted, or be generalized to something like "if an implementation
> doesn't have any other reason to prefer one algorithm over the
> other, it's recommended to sort the algorithms by cryptographic
> strength, strongest first", which applies to all algorithm lists, not
> just the key exchange method.

also

On Tue, 22 Jun 2004, Jeffrey Hutzelman writes:

> I guess that text looks OK to me. I've sort of become indifferent on
> this; I won't object strongly if people don't want to add this sort of
> text.


So, it doesn't look like everyone is ready for a group hug on this one.
I'll make this alternate proposal for this section:

   As stated in Section 7.1 of [TRANS], each device will send a list of
   preferred methods for key exchange.  The most-preferred method is the
   first in the list.  Implementors are free to determine their default
   preferences.  If an implementation doesn't have any other reason to
   prefer one algorithm over the other, it is RECOMMENDED to sort the
   algorithms by cryptographic strength, strongest first.  Some additional
   guidance for this is given in BCP 86 [RFC 3766].
ftp://ftp.rfc-editor.org/in-notes/rfc3766.txt

I'll also find a spot to globalize that for all proposal lists.


I need to get some consensus on this so please vote for one of the
following:

A - Use this wording in a new section.
B - Use the old wording in a new section.
C - Delete the proposed new section.
D - [write-in your new proposal]

The default is "A".  If I don't hear from anyone, or if the votes received
don't give clear consensus, I'll go with that.

Thanks,
Chris
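A worked illustration of the point under discussion, added here and not part of the thread or of any SSH implementation: RFC 4253 section 7.1 picks the first method on the client's kex name-list that the server also lists, so the client's ordering decides, not the server's. The strength ranking below uses the MODP modulus size of the two methods from RFC 4253 section 8 (group1 is the 1024-bit Oakley Group 2, group14 the 2048-bit group) as its only criterion, which is an assumption standing in for the fuller BCP 86 guidance; the name-lists are constructed, and the host-key-capability condition of section 7.1 is omitted on the assumption that every host key algorithm in play is signature-capable.

```python
# Added example (not from the thread): RFC 4253 section 7.1 kex negotiation,
# with the local default list ordered strongest-first as the proposal recommends.

from typing import Optional

# Modulus size of the MODP group behind each kex method in RFC 4253 section 8.
# diffie-hellman-group1-sha1 uses the 1024-bit Oakley Group 2, group14 the
# 2048-bit group 14; both hash with SHA-1, so the group size is what separates
# them. Using it as the sole strength criterion is a simplifying assumption.
DH_MODULUS_BITS = {
    "diffie-hellman-group1-sha1": 1024,
    "diffie-hellman-group14-sha1": 2048,
}


def parse_name_list(raw: str) -> list:
    """Parse an SSH name-list (RFC 4251 section 5): comma-separated US-ASCII
    names, each non-empty and containing no comma; "" is the empty list."""
    if raw == "":
        return []
    names = raw.split(",")
    for name in names:
        if name == "" or not name.isascii():
            raise ValueError(f"malformed name-list: {raw!r}")
    return names


def strongest_first(kexes: list) -> list:
    """Order kex methods by modulus size, largest first. sorted() is stable, so
    methods of equal strength keep their relative order; methods this table
    does not know about sink to the end (strength 0) rather than being lost."""
    return sorted(kexes, key=lambda k: DH_MODULUS_BITS.get(k, 0), reverse=True)


def negotiate_kex(client_list: list, server_list: list) -> Optional[str]:
    """RFC 4253 section 7.1: the chosen kex is the first method on the client's
    list that the server also lists. The server's ordering plays no part.
    Assumption: the host key algorithms in play all satisfy the kex method's
    signature requirement, so that extra 7.1 condition is not modelled."""
    server = set(server_list)
    for kex in client_list:
        if kex in server:
            return kex
    return None  # nothing in common: 7.1 says both sides MUST disconnect


if __name__ == "__main__":
    # Constructed KEXINIT name-lists: the server happens to list the weaker
    # group first, which must not matter.
    server = parse_name_list(
        "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1")
    unsorted_default = ["diffie-hellman-group1-sha1",
                        "diffie-hellman-group14-sha1"]
    # A client that leaves its list unsorted gets group1 even though both
    # sides support group14.
    print(negotiate_kex(unsorted_default, server))
    # Sorting the client's default strongest-first fixes the outcome.
    print(negotiate_kex(strongest_first(unsorted_default), server))
```

The second call shows why the recommendation is aimed at the sender's default ordering: a server that lists group14 is powerless if the client's list puts group1 first.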


