IETF-SSH archive


Re: SSH key algorithm updates



At the risk of thread-jacking a little, I was working a few months ago on adding SASL support to the SSH protocol; this work is currently parked, but if I can find time to work on this again, would this be a good juncture to get that on the standards track? I'm assuming the audience for adding a new auth mechanism is the same one involved in deprecation.

Best wishes,

Phil Lello

On Fri, Oct 30, 2015 at 9:49 PM, Stephen Farrell <stephen.farrell%cs.tcd.ie@localhost> wrote:


On 30/10/15 21:43, Jeffrey Hutzelman wrote:
> On Fri, 2015-10-30 at 21:36 +0000, Stephen Farrell wrote:
>>
>> On 30/10/15 18:12, Jeffrey Hutzelman wrote:
>>> Agreed.  In fact, we probably should undertake a general updating of
>>> recommended and required crypto algorithms across the protocol.
>>
>> If there's general support for this, then I'd be happy to
>> try shift any annoying IETF bureaucracy out of the way. That
>> could mean forming a short-lived wg or me AD sponsoring a
>> single document if that's all that's needed. I'm happy to
>> help with either approach.
>
>
> I imagine that we could do it with an AD-sponsored document and an
> extended IETF last call.  No need to spin up a WG, I hope.

Yeah, if it's just algo updates, that seems right. I guess we
should see if folks have another list of things they'd like to
do though - if there were then that might justify a wg, but if
not, then AD sponsored is much quicker/simpler.

>
> I admit I haven't been paying attention; what's the plan for SHA3?

Not sure there's a general plan. There does seem to be a general
disinterest;-)

> Should we be thinking about a set of documents to define SHA3-based key
> exchange, public key, and MAC algorithms for SSH?

Personally, I'm not that keen on defining stuff that might not
get widespread use, but that kind of opinion seems to vary from
protocol to protocol, and from one set of folks to another. So
I'm not sure what folks here think.

Deprecating old stuff to the extent we can OTOH, I'm quite keen
on that:-)

Cheers,
S.

