IETF-SSH archive
Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
On Jul 13, 2020, at 12:52 PM, Mouse <mouse%Rodents-Montreal.ORG@localhost> wrote:
>> * diffie-hellman-group14-sha256
>> [It is not clear to me how much longer 2048-bits will be considered
>> strong enough.]
>
> Surely it wouldn't be that big a deal to generate a prime of, say, 4k
> bits, or whatever size gives people suitably warm fuzzies, to replace
> the current group-14 prime? I'd be happy to do the crunching for it,
> and I can't be the only person with RNG hardware and enough spare
> cycles to invest in whatever level of primality assurance keeps people
> happy.
I’m not sure how quickly we’ll want to move to a larger key size, but I don’t think we need new primes. Isn’t that the point of groups 15-18, providing known 3k, 4k, 6k, and 8k primes? It’s just a question of making the trade-off between computational expense and security provided. When the time comes, though, I expect we’d do something similar to what we’re doing with group1 right now, making group14 into a SHOULD NOT and adjusting the larger groups to some combination of SHOULD and MUST, assuming we haven’t replaced DH with something else by then.
--
Ron Frederick
ronf%timeheart.net@localhost