Re: DH KEX names an "aberration"?

[nisse%lysator.liu.se@localhost (Niels Möller)]

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

>    Note that, for historical reasons, the name
>    "diffie-hellman-group1-sha1" is used for a key exchange method using
>    an Oakley group as defined in [RFC2412].  Subsequently, the Working
>    Group attempted to follow the numbering scheme of group numbers from
>    [RFC3526] with diffie-hellman-group14-sha1 for the name of the second
>    defined name.  This is considered an aberration and should not be
>    repeated.

> The text above implies that we chose to follow the existing numbering
> scheme and use "group14", but that also that we consider _that_ an
> "aberration" and something to be avoided in the future.  That just
> doesn't make any sense to me -- if we decided we should use our own
> naming scheme, why use "group14" at all.  And if we decided not to use
> our own naming scheme, why does the document essentially say that was
> a bad decision?

I agree the text is a little confusing. Given that there was no
consensus on the preferred naming style, and that both the current
choices were motivated by compatibility by the deployed
implementations, I don't think it's appropriate to say that either
name is an "aberration". We might need to comment the inconsistent
naming, though.

>    Any future specifications of Diffie-Hellman key exchange
>    using Oakley groups defined in [RFC2412] or its successors should be
>    performed with care and a bit of research.

> Also, while I don't disagree with the last sentence in principle, it
> seems to be implying that the current work was not "performed with
> care and a bit of research".

I think the important message here is that adopting new Oakley groups
is not a mere formality; one shouldn't expect that oakley group 17 is
automatically given the name diffie-hellman-group17-sha1 and be
supported in the ssh protocol.

Regards,
/Niels