RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)

To: denis bider <ietf-ssh3%denisbider.com@localhost>, "Mark D. Baushke" <mdb%juniper.net@localhost>
Subject: RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Sun, 14 Feb 2016 08:21:01 +0000

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>With regard to NOT RECOMMENDED, that sounds to me equally as heavy as SHOULD
>NOT. I can't fathom that people would read "NOT RECOMMENDED", and interpret
>as if it said "sure, what the heck". It seems to me a stern disrecommendation.

These are people looking for any reason they can to not do anything (they're
still AFAIK using MD5 and DES in places because the spec doesn't say you
can't).  The stronger the wording, the easier it will be to persuade them that
they need to do something.

>That being said, SHOULD NOT is also in RFC 2119, and is a synonym. If you
>think "SHOULD NOT be used" would work better, I'm not opposed.

I think it would help.

Peter.

References:
- Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
  - From: denis bider

Prev by Date: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Next by Date: RE: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Previous by Thread: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Next by Thread: Re: draft-baushke-ssh-dh-group-sha2-01 (was Re: DH group exchange)
Indexes:

Home | Main Index | Thread Index | Old Index