Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 26 Aug 2004 12:41:01 +0200

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

> On Wednesday, August 25, 2004 10:58:26 -0700 Chris Lonvick
> <clonvick%cisco.com@localhost> wrote:
> 
> > It appears that there is some consensus about going back to our own
> > namespce  " diffie-hellman-groupN-sha1 "

I think a lot of peple are silent. It's hard to tell if that's because
they agree, or don't care, or are all on vacation.

> > We have defined N=1 and N=2 so we could propose to the IANA that new ones
> > - be created via the consensus method
> > - N monotonically increases
> > - once assigned, N must not be reused
> > - future assignments not using DH and/or SHA1 may have entirely different
> >   formats.
> >
> > This will remove the proposal for the use of  diffie-hellman-group14-sha1
> 
> 
> (1) I don't see a need for a sub-registry.  There is a registry of key
> exchange method names; that is all that is required.  Saying "use
> these group numbers defined over here" made sense when the intent was
> to normalize our naming to reflect another existing registry.  If
> we're not going to do that, than no more needs to be said.

Agree fully. Keep it simple.

> (2) I still think it is a bad idea to continue the practice of using
> phrases like "group N" to mean completely different groups than the
> rest of the community means when they say "group N".

I don't think it's possible to fix that, given that we already have
"diffie-hellman-group1-sha1 mean "well known group 2", (and I think we
have agreed that it is far too late to change our name for that
group). I'm afraid that using both an ssh-specific numbering scheme
(for oakley group 2) and an ipsec-spcific numbering (for oakley group
14) will cause even more confusion than sticking to an ssh-specific
numbering.

> BTW, I seem to recall someone asking about how these group moduli were
> selected, and asking for a reference.  The appropriate reference is
> RFC2412, appendix E, in which the original 5 well-known Oakley groups
> are defined.

It was me asking about that some days ago. Thanks.

Regards,
/Niels

Follow-Ups:
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Jeffrey Hutzelman
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Derek Fawcus
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Simon Tatham
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Peter Gutmann

References:
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Bill Sommerfeld
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Niels Möller
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Timo J. Rinne
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Chris Lonvick
- Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
  - From: Jeffrey Hutzelman

Prev by Date: Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
Next by Date: Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
Previous by Thread: Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
Next by Thread: Re: [psg.com #460] IESG - Transport - Oakley - new proposal (fwd)
Indexes:

Home | Main Index | Thread Index | Old Index