Re: [Curdle] draft-ietf-curdle-ssh-modp-dh-sha2 & draft-ietf-curdle-ssh-kex-sha2

["Mark D. Baushke" <mdb%juniper.net@localhost>]

Tero Kivinen <kivinen%iki.fi@localhost> writes:

> Mark D. Baushke writes:
> > > Also, is there need to update other algorithms, i.e. encryption
> > > algorithms, MAC algorithms, Public key names, comperssion algorithms
> > > etc? Are the implementation requirements for them up to date (I do not
> > > know, as I have no idea which of them are now mandatory to implement,
> > > and which are not).
> > 
> > Good question. I am not sure if they are all being managed by the Curdle
> > Group or not....
> 
> Curdle charter says:
> 
> CURDLE - CURves, Deprecating and a Little more Encryption
> 
...elided...
> so it seems to fit well to curdle charter, if we deprecate and collect
> mandatory to implement ciphers to one document. 

I agree.

> > I am not sure that they all belong in one document or not. It seems
> > like it might be better for each section to have its own document
> > specifying the MUST/SHOULD/MAY/SHOULD NOT advise...
>
> I would suggest we collect all "Algorithm Implementation Requirements
> and Usage Guidance for ssh" in one document here too.

Are we going to adopt all of the SSH changes at one IETF?

Right now, I am the author of two related drafts:

  draft-ietf-curdle-ssh-kex-sha2
  draft-ietf-curdle-ssh-modp-dh-sha2

they deal with updates to Key Exchange Algorithm Methods.

Of the current CURDLE documents
https://datatracker.ietf.org/wg/curdle/documents/

the only SSH drafts are:

  draft-ietf-curdle-rsa-sha2-02 
  draft-ietf-curdle-ssh-ed25519-00
  draft-ietf-curdle-ssh-ext-info-01
  draft-ietf-curdle-ssh-kex-sha2
  draft-ietf-curdle-ssh-modp-dh-sha2

and the rest are:

  draft-ietf-curdle-cms-chacha20-poly1305-01 
  draft-ietf-curdle-cms-ecdh-new-curves-01 
  draft-ietf-curdle-cms-eddsa-signatures-00
  draft-ietf-curdle-dnskey-eddsa-00 
  draft-ietf-curdle-pkix-01

I just realized that the

  draft-ietf-curdle-ssh-curves-00

draft has expired on September 9, 2016 and not been resubmitted, so
there is no ed25519-sha256 or curve448-sha512 KEX currently in an active
draft.

To the best of my understanding, no draft to add chacha20-poly1305 to
SSH similar to what has been added to OpenSSH has been written.

To the best of my understanding, no draft to fix the AEAD_AES_128_GCM
and AEAD_AES_256_GCM to negotiate in a way similar to OpenSSH have been
written.

Given the current drafts, they appear to impact only:

Key Exchange Method Names:
http://www.iana.org/assignments/ssh-parameters/
ssh-parameters.xhtml#ssh-parameters-16

Public Key Algorithm Names:
http://www.iana.org/assignments/ssh-parameters/
ssh-parameters.xhtml#ssh-parameters-19

Are there any other documents I have missed?

> In draft-ietf-ipsecme-rfc4307bis-12 for IKEv2 we even specified the
> mandatory to implement authentication methods, and recommended key
> lengths (see section 4.1.1). We also provide little bit of background
> reasoning for the MUST/SHOULD/MUST NOT/SHOULD NOT algorithms.

Okay.

	-- Mark