IETF-SSH archive


Re: DH KEX names an "aberration"?



In article <1108055458.11303.10.camel@thunk> you write:
>here's a revision which documents the past rather than constraining the future:
>
>   Additional methods may be defined as specified in [SSH-NUMBERS]. The
>   name "diffie-hellman-group1-sha1" is used for a key exchange method
>   using an Oakley group as defined in [RFC2412].  SSH maintains its own
>   group identifier space which is logically distinct from Oakley and IKE;
>   however, for one additional group, the Working Group adopted the number
>   assigned by [RFC3526], using diffie-hellman-group14-sha1 for the name of 
>   the second defined group.  Implementations should treat these names as 
>   opaque identifiers and should not assume any relationship between the groups
>   used by SSH and the groups defined in 2412 and its successors.

That seems good to me.  Having looked at the relevant RFCs and the IANA
IPsec registry, it looks like the official reference for IPsec group 2 is
RFC 2409 rather than RFC 2412, and RFC 3526 is only vaguely a successor to
either.  Perhaps "in 2412 and its successors" should read "for IKE".

-- 
Ben Harris



