IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [Curdle] Call for Adoption



On Wed, Jan 13, 2016 at 8:31 AM, Daniel Migault
<daniel.migault%ericsson.com@localhost> wrote:
>  Hi,
>
>  Thanks for the suggestion. I think it falls into the scope of the WG.
>
>  The question I would have is whether it would make sense to extend the
>  document to the crypto suites others than DH - i.e. encryption mac.
>  This would result in a document providing cryptographic
>  recommendations for SSH and have this document regularly updated as
>  crypto evolves. Any opinion ?

I'd prefer to prioritize the already deployed Curve25519 and Ed25519
work over crypto recommendations which other groups can develop. We
also should consider aes-gcm%openssh.com@localhost to be added as this addresses
a corner case in the spec which makes AEAD complex.

>
>  BR,
>  Daniel
>
> -----Original Message-----
> From: mdb%juniper.net@localhost [mailto:mdb%juniper.net@localhost]
> Sent: Wednesday, January 13, 2016 10:40 AM
> To: Curdle Chairs
> Cc: Curdle; ietf-ssh%NetBSD.org@localhost
> Subject: Re: [Curdle] Call for Adoption
>
> Hi,
>
> Over on the ietf-ssh%NetBSD.org@localhost list, Stephen Farrell suggested that I see if I could add
>
>   https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2
>
> under the curdle charter.
>
> The draft deprecates a Secure Shell (SSH) key exchange algorithm (Diffie-Hellman group1 - a 768-bit MODP group) and recommends replacement with stronger Diffie-Hellman MODP groups (groups 14, 15, 16).
>
> The draft does have two interoperable implementations that have implemented it.
>
> Does it fit well enough into the curdle charter to be added here?
>
>         Thank you,
>         -- Mark
>
>  ------- forwarded message -------
> From: Stephen Farrell <stephen.farrell%cs.tcd.ie@localhost>
> Date: Wed, 13 Jan 2016 10:34:05 +0000
> Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
>
> Hiya,
>
> On 13/01/16 09:21, Mark D. Baushke wrote:
>> Hi,
>>
>> URL: https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2
>>
>> I believe that OpenSSH and Dropbear SSH have both implemented
>> interoperable versions using the current 01 version at this point in time.
>>
>> I would be interested in hearing if any other implementations have
>> adopted these new DH groups.
>>
>> Are there any additional comments or changes needed for the draft
>> before we can move to the next step in the process?
>>
>> Hmmm... What is next? Getting 'AD is watching' or is it getting a
>> document shepherd?
>
> There's no active SSH WG, but there is the curdle WG. Its charter [1] however is limited in terms of what it's allowed to add to protocols. OTOH, this is not defining any new groups, just updating codepoints, including deprecating one (to NOT RECOMMENDED). So the draft could fit there on that basis I guess. So I'd say send a mail to the curdle list and suggest this be adopted there.
>
> If that doesn't work I can look at AD sponsoring it, but since one of the reasons to setup curdle was to avoid too many of these being AD sponsored, please try there first.
>
> Cheers,
> S.
>
> [1] https://tools.ietf.org/wg/curdle
>
>>
>>       Thank you,
>>       -- Mark
>
> _______________________________________________
> Curdle mailing list
> Curdle%ietf.org@localhost
> https://www.ietf.org/mailman/listinfo/curdle



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.



Home | Main Index | Thread Index | Old Index