[...] This inconsistency should not be repeated. The naming
of future specifications of Diffie-Hellman key exchange using Oakley
groups defined in [RFC2412] or its successors should be performed
with forethought and care.
I don't recall the results of the coin toss, and it isn't
clear from this. So how about one of the following, depending
on which way the toss went:
Additional methods may be defined as specified in [SSH-NUMBERS].
Note that for historical reasons the name
"diffie-hellman-group1-sha1" is used for a key exchange method using
an Oakley group as defined in [RFC2412]. Subsequently, the Working
Group attempted to follow the numbering scheme of group numbers from
[RFC3526] with diffie-hellman-group14-sha1 for the name of the second
defined name. Future groups borrowed from [RFC2412] should continue
to use the same numbering scheme used by [RFC3526]. However, without
specific IETF action, no addition groups from [RFC3526] are valid in
the SSH protocol.
OR:
Additional methods may be defined as specified in [SSH-NUMBERS].
Note that for historical reasons the name
"diffie-hellman-group1-sha1" is used for a key exchange method using
an Oakley group as defined in [RFC2412]. Subsequently, the Working
Group attempted to follow the numbering scheme of group numbers from
[RFC3526] with diffie-hellman-group14-sha1 for the name of the second
defined name. Future groups borrowed from [RFC2412] should not attemp
to use the same numbering scheme used by [RFC3526], but should
use numbering unique to SSH. I.e., the next group defined for SSH
should be diffie-hellman-group2-sha1, regardless of it's source.