IETF-SSH archive


Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?



On Jul 13, 2020, at 11:52 AM, Mark D. Baushke <mdb%juniper.net@localhost> wrote:
> As I understand it, the following are candidates for MUST:
> 
>  * diffie-hellman-group14-sha256
>    [It is not clear to me how much longer 2048-bits will be considered
>     strong enough.]
> 
>  * curve25519-sha256
> 
>  * ecdh-sha2-nistp256
>    [Some folks are not happy with the current ECDH curves.]
> 
> I would look for discussion on the list about which Key Exchange
> Algorithms are Mandatory to Implement going forward.


Given the concerns about the NIST EC curves, I’d lean toward the current NIST ecdh-sha2-nist* curves being only SHOULD and not MUST.

I’m torn about curve25519 in this regard. I think it’s a good option, but I don’t know if we want to go as far as saying all compliant implementations must support it. For historical reasons, I’d lean toward doing that only with DH algorithms with an appropriate amount of strength, since it should be easier for existing implementations that support only DH today to move to those stronger key sizes & hashes.
-- 
Ron Frederick
ronf%timeheart.net@localhost





