IETF-SSH archive


Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2



Damien writes:

> Has anyone ever implemented this? AFAIK the motivation for this was
> MQV being included in NSA Suite B at the time, but it was subsequently
> dropped. IMO if nobody is using it then it should be recommended
> against. I.e. SHOULD NOT

Hmmm... ecmqv-sha2 is defined in RFC 5656 and mentioned in
RFC 6187. I see a JIRA request to add it to MINA SSHD, but I am unaware of
any implementations of it.

I have no problems moving ecmqv-sha2 to SHOULD NOT if no one has
implemented it. However, I guess I should ask that of the ietf-ssh list
first.

> > gss-group14-sha1-*                    RFC4462       SHOULD
> > gss-group14-sha256-*                  new-modp      SHOULD
> 
> IMO these two should be MAY. Most implementations don't support
> GSSAPI key exchange at all.

Perhaps I need a paragraph like this one:

     If GSS-API methods are available, then the RFC4462 REQUIRED
     gss-group14-sha1-* method SHOULD be retained for compatibility
     with older Secure Shell implementations and the
     gss-group14-sha256-* method SHOULD be added as for "sha1".

	-- Mark


