IETF-SSH archive


Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)



Hi,

I was hoping that this was a closed issue, but I believe that Tero knows
something about this subject.  Can we have some discussion on this?  I'd
like to try to come to some consensus around one of the following:

- Tero knows what he is saying and we need to adjust our wording.
<Extra points will be awarded for a wording proposal.>

- Tero knows what he is saying, but what we now have is good enough for
our purposes.

- "And now for something entirely different..."

Thanks,
Chris

---------- Forwarded message ----------
Date: Wed, 4 Aug 2004 01:28:35 +0300 (EEST)
From: Tero Kivinen
To: Chris Lonvick <clonvick%cisco.com@localhost>
Subject: Re: [psg.com #460] IESG - Transport - Oakley - new proposal

[I am not normally following the secsh list; I am just reading the last
few hundred emails, because I am bored in the PMTUD meeting and am going
through all the IETF mailing lists, so I am not sending this directly to
the list (it probably wouldn't go through because of the spam filters);
you can forward this to the list if you feel like it. I will not be
reading the list again in the near future, so I will not see any replies
to my email for a few months...]


Chris Lonvick <clonvick%cisco.com@localhost> writes:
>      diffie-hellman-group1-sha1       REQUIRED
>      diffie-hellman-group14-sha1      REQUIRED

I think the name group14 is very misleading. The number 14 is the IANA
number allocated for IKE to the "2048-bit MODP group" of RFC 3526
(http://www.iana.org/assignments/ipsec-registry). The next revision of
RFC 3526 might not have the numbers at all, or the numbers might be
different. Also, the IPsec WG might decide to change the numbers if they
want to.

It would be the same as renaming 3des-cbc to cipher5, etc...

>    Additional methods may be defined as specified in [SSH-NUMBERS].
>    Note that, for historical reasons, the name
>    "diffie-hellman-group1-sha1" is used for a key exchange method using
>    Oakley Group 2. This is considered an aberration and should not be

It happens to use the same group that is also used in IPsec, and there
it has been allocated number 2 by IANA... There is no reason why secsh
should use the IPsec IANA registry for the numbers.

>    repeated. Any future specifications of Diffie Hellman key exchange
>    using Oakley groups defined in [RFC2412] or its successors should be
>    named using the group numbers assigned by IANA, and names of the form
>    "diffie-hellman-groupN-sha1" should be reserved for this purpose.

Note that group 14 is NOT an Oakley group. It is not defined in RFC 2412,
and RFC 3526 does not use the name Oakley group anywhere. The IANA
registry for IKE (ipsec-registry) allocates the numbers for those
groups.

> 8.2 diffie-hellman-group14-sha1
>
>    The "diffie-hellman-group14-sha1" method specifies Diffie-Hellman key
>    exchange with SHA-1 as HASH, and Oakley Group 14 [RFC3526] (2048bit
>    MODP Group), and it MUST also be supported.

Oakley group 14 is very misleading and plainly wrong. The groups defined
in RFC 3526 are not Oakley groups. They do not have anything to do with
the Oakley document.

The "2048-bit MODP group" defined in RFC 3526 has been allocated number
14 in the IPsec/IKE registry, but secsh should be using its own
registries, not sharing the IKE registry. Note that IKEv2 will have its
own registry for the groups, and that registry might not be kept in sync
with the IKEv1 registry of groups.

> Please send back your comments to this proposal.

--
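As an added example that is not part of this thread: the two primes behind the names under discussion can be rebuilt from their published formulas (RFC 2409 for Oakley group 2, RFC 3526 for the 2048-bit MODP group that the IKE registry numbers 14) and checked to be safe primes of the stated size with the expected 64-bit runs of ones at both ends, which is the kind of check worth running on any hard-coded DH parameters. The Machin-series pi routine, the SSH_KEX_GROUPS table and check_group are this example's own constructions, not code from any SSH implementation.

```python
import random

GUARD = 64  # spare fraction bits so series truncation cannot disturb the floor

def _arctan_inv(x: int, scale: int) -> int:
    """Fixed-point scale * arctan(1/x) by the Gregory series."""
    power = scale // x  # scale / x^(2k+1), starting at k = 0
    total, k, sign = power, 1, -1
    while power:
        power //= x * x
        total += sign * (power // (2 * k + 1))
        k, sign = k + 1, -sign
    return total
def pi_floor(shift: int) -> int:
    """floor(2^shift * pi) using Machin: pi = 16 atan(1/5) - 4 atan(1/239)."""
    scale = 1 << (shift + GUARD)
    return (16 * _arctan_inv(5, scale) - 4 * _arctan_inv(239, scale)) >> GUARD
def modp_prime(bits: int, offset: int) -> int:
    """RFC 2409/3526 form: 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) pi) + offset)."""
    return (1 << bits) - (1 << (bits - 64)) - 1 + (1 << 64) * (pi_floor(bits - 130) + offset)
def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin with random bases: a sanity check, not a proof."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
# Constructed table: kex name -> (prime, size); the "1"/"14" carry no size info.
SSH_KEX_GROUPS = {
    "diffie-hellman-group1-sha1": (modp_prime(1024, 129093), 1024),   # Oakley group 2
    "diffie-hellman-group14-sha1": (modp_prime(2048, 124476), 2048),  # RFC 3526 group
}
def check_group(name: str) -> bool:
    """Safe prime of the advertised size; top and bottom 64 bits all ones."""
    p, bits = SSH_KEX_GROUPS[name]
    ones64 = (1 << 64) - 1
    return (p.bit_length() == bits and p & ones64 == ones64 and p >> (bits - 64) == ones64
            and is_probable_prime(p) and is_probable_prime((p - 1) // 2))
```

The leading hex digits after the run of ones are the first bits of pi's fractional part (c90fdaa2...), which is how the published constants can be recognised at a glance.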


