IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [Curdle] Group 15 needed in draft-baushke-ssh-dh-group-sha2
Mark D. Baushke writes:
> The current draft-ietf-curdle-ssh-kex-sha2-03 draft expires in about a
> week, so I will be publishing a new draft before this Friday. Note: I
> will not be able to attend the IETF (November 13-18) in South Korea.
>
> Here is my current sugestions for the DH entries in the table:
>
> Key Exchange Method Name Reference Note
> diffie-hellman-group14-sha256 This Draft SHOULD
> diffie-hellman-group15-sha512 This Draft MAY
> diffie-hellman-group16-sha512 This Draft SHOULD
> diffie-hellman-group17-sha512 This Draft MAY
> diffie-hellman-group18-sha512 This Draft MAY
>
> I do not see any problems with letting these kex method names be defined
> and used by folks that want them.
I think it is bad idea to define too many KEX methods. I think there
should only be two, one with sha256 one with sha512, i.e.,
diffie-hellman-group14-sha256 and diffie-hellman-group16-sha512.
The reason is that these key exchange methods are negotiated in text.
We already have key exchange list in openssh saying something like:
curve25519-sha256%libssh.org@localhost,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
(150 octets), and now when we add to this list new methods:
,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512
(another 150 octets), it gets to 300 octets, just to negotiate the key
exchange methods. And this string is sent in both directions during
the negotiation.
Also I do not really expect most of them to be used ever...
At least if we define all of them, how about making strings bit
shorter, something like dh-g14-sha256 instead of
diffie-hellman-group14-sha256?
When you have multiple algorithms tied together (here key exchange
method, group, and hash) it is better to avoid full combinatory
expansion, and only define those which are known to be used.
Especially if we are saying curve25519-sha256 is going to be MUST, I
see no reason to define that many MAYs.
--
kivinen%iki.fi@localhost
Home |
Main Index |
Thread Index |
Old Index