Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?

To: IETF curdle <curdle%ietf.org@localhost>, IETF ssh <ietf-ssh%netbsd.org@localhost>
Subject: Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
From: "Mark D. Baushke" <mdb%juniper.net@localhost>
Date: Mon, 13 Jul 2020 11:52:01 -0700

Hi Folks,

I have updated a new revision of draft-ietf-curdle-ssh-kex-sha2-11 for
your review which gives a survey of the Key Exchange Algorithms for
Secure Shell.

The current revision does NOT have any 'MUST' implement algorithms, but
does provide 'SHOULD NOT' for most of the algorithms using sha1.

As I understand it, the following are candidates for MUST:

  * diffie-hellman-group14-sha256
    [It is not clear to me how much longer 2048-bits will be considered
     strong enough.]

  * curve25519-sha256

  * ecdh-sha2-nistp256
    [Some folks are not happy with the current ECDH curves.]

I would look for discussion on the list about which Key Exchange
Algorithms are Mandatory to Implement going forward.

Fwiw: I will be attending the IETF 108 virtual conference, I believe
there will not be an IETF Curdle meeting.

	Be safe, stay healthy,
	-- Mark

Follow-Ups:
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
  - From: Ron Frederick
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
  - From: Mouse
- Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
  - From: Salz, Rich

Prev by Date: Re: SSH performance [was Re: [Curdle] SSH/QUIC draft]
Next by Date: Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
Previous by Thread: SSH/QUIC draft
Next by Thread: Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
Indexes:

Home | Main Index | Thread Index | Old Index