IETF-SSH archive

Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?

Hi Folks,

I have updated a new revision of draft-ietf-curdle-ssh-kex-sha2-11 for
your review which gives a survey of the Key Exchange Algorithms for
Secure Shell.

The current revision does NOT have any 'MUST' implement algorithms, but
does provide 'SHOULD NOT' for most of the algorithms using sha1.

As I understand it, the following are candidates for MUST:

  * diffie-hellman-group14-sha256
    [It is not clear to me how much longer 2048 bits will be considered
     strong enough.]

  * curve25519-sha256

  * ecdh-sha2-nistp256
    [Some folks are not happy with the current ECDH curves.]

I would look for discussion on the list about which Key Exchange
Algorithms are Mandatory to Implement going forward.

FWIW: I will be attending the IETF 108 virtual conference; I believe
there will not be an IETF Curdle meeting.

	Be safe, stay healthy,
	-- Mark
