Re: [Curdle] Group 15 needed in draft-baushke-ssh-dh-group-sha2

[Damien Miller <djm%mindrot.org@localhost>]

On Mon, 5 Sep 2016, Mark D. Baushke wrote:

> Hi,
> 
> The current draft-ietf-curdle-ssh-kex-sha2-03 draft expires in about a
> week, so I will be publishing a new draft before this Friday. Note: I
> will not be able to attend the IETF (November 13-18) in South Korea.
> 
> Here is my current sugestions for the DH entries in the table:
> 
> Key Exchange Method Name              Reference     Note
> diffie-hellman-group14-sha256         This Draft    SHOULD
> diffie-hellman-group15-sha512         This Draft    MAY
> diffie-hellman-group16-sha512         This Draft    SHOULD
> diffie-hellman-group17-sha512         This Draft    MAY
> diffie-hellman-group18-sha512         This Draft    MAY
> 
> I do not see any problems with letting these kex method names be defined
> and used by folks that want them.
> 
> The remaining questions are: 
> 
>   1) which DH groups are best noted as SHOULD and which ones as MAY
>      (Peter wants diffie-hellman-group14-*, denis wants
>      diffie-hellman-group15-*, and the OpenSSH 7.3 release will
>      negotiate diffie-hellman-group16-sha512 and
>      diffie-hellman-group18-sha512),
> 
>   and
> 
>   2) is the use of sha512 vs sha256 vs allowing either of the sha2
>      functions to be negotiated best to use for the new DH groups?
> 
> As you can see, I am currently tending toward not having any of the new
> DH groups be labled as MUST.
> 
> The -04 draft would therefore list curve25519-sha256 as the only MUST
> kex method.
> 
> Are there any strong objections to this direction?

Sounds good to me

-d