IETF-SSH archive


RE: [Curdle] Call for Adoption



 Hi,
 
 Thanks for the suggestion. I think it falls into the scope of the WG.
 
 The question I would have is whether it would make sense to extend the 
 document to crypto suites other than DH - i.e. encryption, MAC.  
 This would result in a document providing cryptographic 
 recommendations for SSH and have this document regularly updated as 
 crypto evolves. Any opinion?
 
 BR,
 Daniel

-----Original Message-----
From: mdb%juniper.net@localhost [mailto:mdb%juniper.net@localhost] 
Sent: Wednesday, January 13, 2016 10:40 AM
To: Curdle Chairs
Cc: Curdle; ietf-ssh%NetBSD.org@localhost
Subject: Re: [Curdle] Call for Adoption 

Hi,

Over on the ietf-ssh%NetBSD.org@localhost list, Stephen Farrell suggested that I see if I could add

  https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2 

under the curdle charter. 

The draft deprecates a Secure Shell (SSH) key exchange algorithm (Diffie-Hellman group1 - a 768-bit MODP group) and recommends replacement with stronger Diffie-Hellman MODP groups (groups 14, 15, 16).

The draft does have two interoperable implementations that have implemented it.

Does it fit well enough into the curdle charter to be added here?

	Thank you,
	-- Mark

 ------- forwarded message -------
From: Stephen Farrell <stephen.farrell%cs.tcd.ie@localhost>
Date: Wed, 13 Jan 2016 10:34:05 +0000
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

Hiya,

On 13/01/16 09:21, Mark D. Baushke wrote:
> Hi,
> 
> URL: https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2
> 
> I believe that OpenSSH and Dropbear SSH have both implemented 
> interoperable versions using the current 01 version at this point in time.
> 
> I would be interested in hearing if any other implementations have 
> adopted these new DH groups.
> 
> Are there any additional comments or changes needed for the draft 
> before we can move to the next step in the process?
> 
> Hmmm... What is next? Getting 'AD is watching' or is it getting a 
> document shepherd?

There's no active SSH WG, but there is the curdle WG. Its charter [1] however is limited in terms of what it's allowed to add to protocols. OTOH, this is not defining any new groups, just updating codepoints, including deprecating one (to NOT RECOMMENDED). So the draft could fit there on that basis I guess. So I'd say send a mail to the curdle list and suggest this be adopted there.

If that doesn't work I can look at AD sponsoring it, but since one of the reasons to set up curdle was to avoid too many of these being AD sponsored, please try there first.

Cheers,
S.

[1] https://tools.ietf.org/wg/curdle

> 
> 	Thank you,
> 	-- Mark


