IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RE: [Curdle] Call for Adoption
Hi,
Thanks for the suggestion. I think it falls into the scope of the WG.
The question I would have is whether it would make sense to extend the
document to the crypto suites others than DH - i.e. encryption mac.
This would result in a document providing cryptographic
recommendations for SSH and have this document regularly updated as
crypto evolves. Any opinion ?
BR,
Daniel
-----Original Message-----
From: mdb%juniper.net@localhost [mailto:mdb%juniper.net@localhost]
Sent: Wednesday, January 13, 2016 10:40 AM
To: Curdle Chairs
Cc: Curdle; ietf-ssh%NetBSD.org@localhost
Subject: Re: [Curdle] Call for Adoption
Hi,
Over on the ietf-ssh%NetBSD.org@localhost list, Stephen Farrell suggested that I see if I could add
https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2
under the curdle charter.
The draft deprecates a Secure Shell (SSH) key exchange algorithm (Diffie-Hellman group1 - a 768-bit MODP group) and recommends replacement with stronger Diffie-Hellman MODP groups (groups 14, 15, 16).
The draft does have two interoperable implementations that have implemented it.
Does it fit well enough into the curdle charter to be added here?
Thank you,
-- Mark
------- forwarded message -------
From: Stephen Farrell <stephen.farrell%cs.tcd.ie@localhost>
Date: Wed, 13 Jan 2016 10:34:05 +0000
Subject: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Hiya,
On 13/01/16 09:21, Mark D. Baushke wrote:
> Hi,
>
> URL: https://datatracker.ietf.org/doc/draft-baushke-ssh-dh-group-sha2
>
> I believe that OpenSSH and Dropbear SSH have both implemented
> interoperable versions using the current 01 version at this point in time.
>
> I would be interested in hearing if any other implementations have
> adopted these new DH groups.
>
> Are there any additional comments or changes needed for the draft
> before we can move to the next step in the process?
>
> Hmmm... What is next? Getting 'AD is watching' or is it getting a
> document shepherd?
There's no active SSH WG, but there is the curdle WG. Its charter [1] however is limited in terms of what it's allowed to add to protocols. OTOH, this is not defining any new groups, just updating codepoints, including deprecating one (to NOT RECOMMENDED). So the draft could fit there on that basis I guess. So I'd say send a mail to the curdle list and suggest this be adopted there.
If that doesn't work I can look at AD sponsoring it, but since one of the reasons to setup curdle was to avoid too many of these being AD sponsored, please try there first.
Cheers,
S.
[1] https://tools.ietf.org/wg/curdle
>
> Thank you,
> -- Mark
Home |
Main Index |
Thread Index |
Old Index