IETF-SSH archive


Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)



Hi,

It appears that there is some consensus about going back to our own
namespace "diffie-hellman-groupN-sha1".

We have defined N=1 and N=2 so we could propose to the IANA that new ones
- be created via the consensus method
- N monotonically increases
- once assigned, N must not be reused
- future assignments not using DH and/or SHA1 may have entirely different
  formats.

This will remove the proposal for the use of diffie-hellman-group14-sha1.

Is there any significant dissent?

Thanks,
Chris


On Sun, 22 Aug 2004, Timo J. Rinne wrote:

> Niels Möller wrote:
> > To me, it seems cleaner and less confusing to stick to the original
> > intentions of Tero and others and use a small ssh-specific name space,
> > and naming scheme A above. Then diffie-hellman-group1-sha1 means "well
> > known group 2" from one RFC. diffie-hellman-group2-sha1 means a
> > 2028-bit group from a different RFC. diffie-hellman-group3-sha1 will
> > mean whatever we choose it to mean at the time we decide we need yet
> > another fixed group.
>
> I fully agree with Niels here.  This way we would get it clear once and
> for all.  Should we borrow group numbering from IKE, we should then
> include all of them instead of an arbitrary subset.  Anyways, it is much
> simpler and straightforward to use independent numbering in SecSh.
>
> --
> Timo J. Rinne <tri%ssh.com@localhost>     -+-+-+-     http://www.ssh.com
>


