IETF-SSH archive


Re: [Curdle] Group 15 needed in draft-baushke-ssh-dh-group-sha2



Mark D. Baushke writes:
> The current draft-ietf-curdle-ssh-kex-sha2-03 draft expires in about a
> week, so I will be publishing a new draft before this Friday. Note: I
> will not be able to attend the IETF (November 13-18) in South Korea.
> 
> Here are my current suggestions for the DH entries in the table:
> 
> Key Exchange Method Name              Reference     Note
> diffie-hellman-group14-sha256         This Draft    SHOULD
> diffie-hellman-group15-sha512         This Draft    MAY
> diffie-hellman-group16-sha512         This Draft    SHOULD
> diffie-hellman-group17-sha512         This Draft    MAY
> diffie-hellman-group18-sha512         This Draft    MAY
> 
> I do not see any problems with letting these kex method names be defined
> and used by folks that want them.

I think it is a bad idea to define too many KEX methods. I think there
should only be two, one with sha256 and one with sha512, i.e.,
diffie-hellman-group14-sha256 and diffie-hellman-group16-sha512.

The reason is that these key exchange methods are negotiated in text.
We already have a key exchange list in OpenSSH saying something like:

curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

(150 octets), and now when we add to this list new methods:

,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512

(another 150 octets), it gets to 300 octets, just to negotiate the key
exchange methods. And this string is sent in both directions during
the negotiation.

Also I do not really expect most of them to be used ever...

At least if we define all of them, how about making the strings a bit
shorter, something like dh-g14-sha256 instead of
diffie-hellman-group14-sha256?

When you have multiple algorithms tied together (here key exchange
method, group, and hash) it is better to avoid full combinatory
expansion, and only define those which are known to be used.

Especially if we are saying curve25519-sha256 is going to be a MUST, I
see no reason to define that many MAYs.
-- 
kivinen%iki.fi@localhost
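
Added example, not part of the original message: the kex_algorithms name-list as it goes on the wire (RFC 4251 name-list encoding, RFC 4253 first-match selection), sized for the lists quoted above. It assumes the first name in the existing list is curve25519-sha256@libssh.org; the short names other than dh-g14-sha256 are hypothetical, built by the same pattern.

```python
import struct

# Lists copied from the message; the first name is curve25519-sha256@libssh.org.
CURRENT = ("curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
           "ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,"
           "diffie-hellman-group14-sha1").split(",")
PROPOSED = ["diffie-hellman-group14-sha256"] + [
    "diffie-hellman-group%d-sha512" % g for g in (15, 16, 17, 18)]

def encode_name_list(names):
    """RFC 4251 name-list: uint32 byte length, then comma-separated ASCII names."""
    for n in names:
        if not n or "," in n or len(n) > 64:
            raise ValueError("invalid algorithm name: %r" % n)
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def decode_name_list(buf, offset=0):
    """Return (names, next_offset); reject a length that overruns the buffer."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("name-list length exceeds packet")
    body = buf[offset + 4:end].decode("ascii")
    return (body.split(",") if body else []), end

def negotiate_kex(client, server):
    """RFC 4253 section 7.1 rule, simplified: first client name the server also
    lists (the host-key compatibility conditions are left out)."""
    offered = set(server)
    return next((n for n in client if n in offered), None)

def short_name(name):
    # Hypothetical shortening in the style of the "dh-g14-sha256" suggestion.
    return name.replace("diffie-hellman-group", "dh-g")

def octets(names):
    """Size of the comma-separated list, without the 4-byte length prefix."""
    return len(",".join(names))

if __name__ == "__main__":
    full = CURRENT + PROPOSED
    short = CURRENT + [short_name(n) for n in PROPOSED]
    print(octets(CURRENT), octets(full), octets(short))
    wire = encode_name_list(full)
    print(len(wire), decode_name_list(wire)[0] == full)
    print(negotiate_kex(full, ["diffie-hellman-group16-sha512",
                               "diffie-hellman-group14-sha256"]))
```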


