Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:
Note that, for historical reasons, the name
"diffie-hellman-group1-sha1" is used for a key exchange method using
an Oakley group as defined in [RFC2412]. Subsequently, the Working
Group attempted to follow the numbering scheme of group numbers from
[RFC3526] with diffie-hellman-group14-sha1 for the name of the second
defined name. This is considered an aberration and should not be
repeated.
The text above implies that we chose to follow the existing numbering
scheme and use "group14", but that also that we consider _that_ an
"aberration" and something to be avoided in the future. That just
doesn't make any sense to me -- if we decided we should use our own
naming scheme, why use "group14" at all. And if we decided not to use
our own naming scheme, why does the document essentially say that was
a bad decision?
I agree the text is a little confusing. Given that there was no
consensus on the preferred naming style, and that both the current
choices were motivated by compatibility by the deployed
implementations, I don't think it's appropriate to say that either
name is an "aberration". We might need to comment the inconsistent
naming, though.
Any future specifications of Diffie-Hellman key exchange
using Oakley groups defined in [RFC2412] or its successors should be
performed with care and a bit of research.
Also, while I don't disagree with the last sentence in principle, it
seems to be implying that the current work was not "performed with
care and a bit of research".
I think the important message here is that adopting new Oakley groups
is not a mere formality; one shouldn't expect that oakley group 17 is
automatically given the name diffie-hellman-group17-sha1 and be
supported in the ssh protocol.