Re: [Curdle] Group 15 needed in draft-baushke-ssh-dh-group-sha2

["Mark D. Baushke" <mdb%juniper.net@localhost>]

Hi,

The current draft-ietf-curdle-ssh-kex-sha2-03 draft expires in about a
week, so I will be publishing a new draft before this Friday. Note: I
will not be able to attend the IETF (November 13-18) in South Korea.

Here is my current sugestions for the DH entries in the table:

Key Exchange Method Name              Reference     Note
diffie-hellman-group14-sha256         This Draft    SHOULD
diffie-hellman-group15-sha512         This Draft    MAY
diffie-hellman-group16-sha512         This Draft    SHOULD
diffie-hellman-group17-sha512         This Draft    MAY
diffie-hellman-group18-sha512         This Draft    MAY

I do not see any problems with letting these kex method names be defined
and used by folks that want them.

The remaining questions are: 

  1) which DH groups are best noted as SHOULD and which ones as MAY
     (Peter wants diffie-hellman-group14-*, denis wants
     diffie-hellman-group15-*, and the OpenSSH 7.3 release will
     negotiate diffie-hellman-group16-sha512 and
     diffie-hellman-group18-sha512),

  and

  2) is the use of sha512 vs sha256 vs allowing either of the sha2
     functions to be negotiated best to use for the new DH groups?

As you can see, I am currently tending toward not having any of the new
DH groups be labled as MUST.

The -04 draft would therefore list curve25519-sha256 as the only MUST
kex method.

Are there any strong objections to this direction?

	Thanks,
	-- Mark