IETF-SSH archive


RE: [Curdle] Group 15 needed in draft-baushke-ssh-dh-group-sha2



denis bider (Bitvise) <ietf-ssh3%denisbider.com@localhost> writes:

>this comment is with respect to the following draft specifying new Diffie-
>Hellman groups for SSH key exchange:

A further comment on the draft:

   The United States Information Assurance Directorate (IAD) at the
   National Security Agency (NSA) has published a FAQ
   [MFQ-U-OO-815099-15] suggesting that the use of Elliptic Curve
   Diffie-Hellman (ECDH) using the nistp256 curve and SHA-2 based hashes
   less than SHA2-384 are no longer sufficient for transport of Top
   Secret information.  It is for this reason that this draft moves
   ecdh-sha2-nistp256 from a REQUIRED to OPTIONAL as a key exchange
   method. 

So you've got an arbitrary ruling by some random US govt. agency that's
dictating how the entire world's SSH implementations have to function (sigh).
We know from global TLS scans that pretty much the entire planet uses SHA-256,
with SHA-384 and SHA-512 essentially lost in the noise.  However, this spec is
making the universal worldwide standard a MAY and the least-used form of the
entire SHA-2 family a MUST.  If the NSA's IAD wants to use whatever weird
config they decide on they can create their own spec (Suite B, anyone?), but a
global standard should go with whatever the world as a whole has decided on,
and that's overwhelmingly SHA-256.

Peter.

