IETF-SSH archive


Re: DH KEX names an "aberration"?



Hi,

On Fri, 11 Feb 2005, Ben Harris wrote:

> In article <1108055458.11303.10.camel@thunk> you write:
> >here's a revision which documents the past rather than constraining the future:
> >
> >   Additional methods may be defined as specified in [SSH-NUMBERS]. The
> >   name "diffie-hellman-group1-sha1" is used for a key exchange method
> >   using an Oakley group as defined in [RFC2412].  SSH maintains its own
> >   group identifier space which is logically distinct from Oakley and IKE;
> >   however, for one additional group, the Working Group adopted the number
> >   assigned by [RFC3526], using diffie-hellman-group14-sha1 for the name of
> >   the second defined group.  Implementations should treat these names as
> >   opaque identifiers and should not assume any relationship between the groups
> >   used by SSH and the groups defined in 2412 and its successors.
>
> That seems good to me.  Having looked at the relevant RFCs and the IANA
> IPsec registry, it looks like the official reference for IPsec group 2 is
> RFC 2409 rather than RFC 2412, and RFC 3526 is only vaguely a successor to
> either.  Perhaps "in 2412 and its successors" should read "for IKE".

Ben points out something important.  2412 is INFORMATIONAL.  2409 and 3526
are STANDARDS TRACK.  Since the proposed text appears to have general
consensus, I'll modify the referents as follows:

   Additional methods may be defined as specified in [SSH-NUMBERS]. The
   name "diffie-hellman-group1-sha1" is used for a key exchange method
   using an Oakley group as defined in [RFC2409].  SSH maintains its own
   group identifier space which is logically distinct from Oakley
   [RFC2412] and IKE; however, for one additional group, the Working Group
   adopted the number assigned by [RFC3526], using
   diffie-hellman-group14-sha1 for the name of the second defined group.
   Implementations should treat these names as opaque identifiers and
   should not assume any relationship between the groups used by SSH and
   the groups defined for IKE.

2409 and 3526 will be normative references and 2412 will be informational.

Thanks,
Chris
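
Added example, not part of the message above or of any SSH implementation: a Python sketch of what "treat these names as opaque identifiers" means in practice, using exact-match table lookup beside the anti-pattern of reading an IKE group number out of the name. The function names, the table layout, the simplified first-match negotiation and the name "diffie-hellman-group5-sha1" are assumptions constructed for illustration.

```python
import re

# Exact SSH KEX method names mapped to the IKE group whose parameters they use.
# group1 uses Oakley/IKE group 2 (RFC 2409); group14 uses group 14 (RFC 3526).
SSH_KEX_TABLE = {
    "diffie-hellman-group1-sha1": {"ike_group": 2, "modp_bits": 1024, "ref": "RFC2409"},
    "diffie-hellman-group14-sha1": {"ike_group": 14, "modp_bits": 2048, "ref": "RFC3526"},
}


def lookup_opaque(name):
    """Correct handling: exact string match; an unknown name is unsupported."""
    return SSH_KEX_TABLE.get(name)


def guess_from_name(name):
    """Anti-pattern: assume the digits in the name are an IKE group number."""
    m = re.fullmatch(r"diffie-hellman-group(\d+)-sha1", name)
    return int(m.group(1)) if m else None


def names_where_guess_is_wrong():
    """Names for which the digits in the name differ from the real IKE group."""
    return [n for n, e in SSH_KEX_TABLE.items()
            if guess_from_name(n) != e["ike_group"]]


def negotiate(client_names, server_names):
    """Simplified selection: first client name the server also lists and that
    has a table entry. The full SSH rules add host-key constraints."""
    for name in client_names:
        if name in server_names and lookup_opaque(name) is not None:
            return name
    return None


if __name__ == "__main__":
    # Constructed name lists; "group5" is hypothetical and has no SSH definition here.
    client = ["diffie-hellman-group5-sha1", "diffie-hellman-group14-sha1",
              "diffie-hellman-group1-sha1"]
    server = ["diffie-hellman-group1-sha1", "diffie-hellman-group5-sha1",
              "diffie-hellman-group14-sha1"]
    print("chosen:", negotiate(client, server))
    print("name-derived guess is wrong for:", names_where_guess_is_wrong())
```

The name-derived guess happens to agree for group14 and disagrees for group1, which is why a parser that works in testing against the second group still picks the wrong parameters for the first.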


