IETF-SSH archive


Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)



Because we have customers opposite of what you describe. Some of ours are large institutions that come to us with a list of algorithms they deem acceptable, and it's stricter than what we implement. Some are government organizations that have to follow what NIST says. If the NSA announced yesterday that the secure minimum is now SHA-384, it's not unlikely that within a few years we'll have people coming to us, asking how to disable lesser algorithms.

With regard to NOT RECOMMENDED, that sounds to me equally as heavy as SHOULD NOT. I can't fathom that people would read "NOT RECOMMENDED" and interpret it as if it said "sure, what the heck". It seems to me a stern disrecommendation.

That being said, SHOULD NOT is also in RFC 2119, and is a synonym. If you think "SHOULD NOT be used" would work better, I'm not opposed.


----- Original Message -----
From: Peter Gutmann
Sent: Friday, February 12, 2016 07:52
To: denis bider ; Mark D. Baushke
Cc: ietf-ssh%NetBSD.org@localhost
Subject: RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>If we settle on SHA-256, we run the risk of having to introduce SHA-512
>versions a year or two later.

Why would we need to do that?

Peter.


