Re: Curve25519/448 key agreement for SSH

To: denis bider <ietf-ssh3%denisbider.com@localhost>
Subject: Re: Curve25519/448 key agreement for SSH
From: "Mark D. Baushke" <mdb%juniper.net@localhost>
Date: Sat, 14 Nov 2015 12:00:54 -0800

denis wrote:
> Folks who use older versions are typically people who don't care about
> CBC until it comes up in a security scan... At which point they
> grudgingly consider upgrading their 10 year old version. :)

I believe that more than just ancient editions of SSH implementations
are going to need to have AES CBC mode for at least a few more years...

In the Common Criteria world, there is the
collaborative Protection Profile for Network Devices Version 1.0
https://www.niap-ccevs.org/pp/pp.cfm?id=CPP_ND_V1.0

    FCS_SSHC_EXT.1.1 The TSF shall implement the SSH protocol that
    complies with RFCs 4251, 4252, 4253, 4254, and [selection: 5647,
    5656, 6187, 6668, no other RFCs].

    ...elided...

    FCS_SSHC_EXT.1.4 The TSF shall ensure that the SSH transport
    implementation uses the following encryption algorithms and rejects
    all other encryption algorithms: aes128-cbc, aes256-cbc, [selection:
    AEAD_AES_128_GCM, AEAD_AES_256_GCM, no other algorithms].

The AEAD_AES_128_GCM and AEAD_AES_256_GCM as specified in RFC 5647 is
not implemented exactly by a number of SSH implementations, so that
tends to leave aes128-cbc and aes256-cbc for those trying to obtain
a Common Criteria CPP_ND_V1.0 certification.

While it may be possible to change this going forward, it probably means
that one or more folks from the technical community need to participate
in the Technical Communities by asking tc-ssh-staff%niap-ccevs.org@localhost ...

| Call for Participants in Technical Communities (26 August 2015)
| 
| The National Information Assurance Partnership/Common Criteria
| Evaluation and Validation Scheme (NIAP/CCEVS) is inviting industry,
| government, end users, academic institutions, and labs with relevant
| technology expertise and research focus to participate in the
| following Technical Communities (TCs). If you are interested in
| joining a technical community and participating in the development
| of Protection Profiles for these technologies, please contact
| NIAP/CCEVS at:
| 
|     Secure Shell (SSH)    tc-ssh-staff%niap-ccevs.org@localhost
| 
|         VPN Client    tc-vpnclient-staff%niap-ccevs.org@localhost

	-- Mark

References:
- Re: Curve25519/448 key agreement for SSH
  - From: denis bider

Prev by Date: Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
Next by Date: Re: DH group exchange (Re: SSH key algorithm updates)
Previous by Thread: Re: Curve25519/448 key agreement for SSH
Next by Thread: Re: Curve25519/448 key agreement for SSH
Indexes:

Home | Main Index | Thread Index | Old Index