RE: [Curdle] Group 15 needed in draft-baushke-ssh-dh-group-sha2

[Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>]

denis bider (Bitvise) <ietf-ssh3%denisbider.com@localhost> writes:

>this comment is with respect to the following draft specifying new Diffie-
>Hellman groups for SSH key exchange:

A further comment on the draft:

   The United States Information Assurance Directorate (IAD) at the
   National Security Agency (NSA) has published a FAQ
   [MFQ-U-OO-815099-15] suggesting that the use of Elliptic Curve
   Diffie-Hellman (ECDH) using the nistp256 curve and SHA-2 based hashes
   less than SHA2-384 are no longer sufficient for transport of Top
   Secret information.  It is for this reason that this draft moves
   ecdh-sha2-nistp256 from a REQUIRED to OPTIONAL as a key exchange
   method. 

So you've got an arbitrary ruling by some random US govt. agency that's
dictating how the entire world's SSH implementations have to function (sigh).
We know from global TLS scans that pretty much the entire planet uses SHA-256,
with SHA-384 and SHA-512 essentially lost in the noise.  However, this spec is
making the universal worldwide standard a MAY and the least-used form of the
entire SHA-2 family a MUST.  If the NSA's IAD wants to use whatever weird
config they decide on they can create their own spec (Suite B, anyone?), but a
global standard should go with whatever the world as a whole has decided on,
and that's overwhelmingly SHA-256.

Peter.