IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
On Jul 13, 2020, at 11:52 AM, Mark D. Baushke <mdb%juniper.net@localhost> wrote:
> As I understand it, the following are candidates for MUST:
>
> * diffie-hellman-group14-sha256
> [It is not clear to me how much longer 2048-bits will be considered
> strong enough.]
>
> * curve25519-sha256
>
> * ecdh-sha2-nistp256
> [Some folks are not happy with the current ECDH curves.]
>
> I would look for discussion on the list about which Key Exchange
> Algorithms are Mandatory to Implement going forward.
Given the concerns about the NIST EC curves, I’d lean toward the current NIST ecdh-sha2-nist* curves being only SHOULD and not MUST.
I’m torn about curve25519 in this regard. I think it’s a good option, but I don’t know if we want to go as far as saying all compliant implementations must support it. For historical reasons, I’d lean toward doing that only with DH algorithms with an appropriate amount of strength, since it should be easier for existing implementations that support only DH today to move to those stronger key sizes & hashes.
--
Ron Frederick
ronf%timeheart.net@localhost
Home |
Main Index |
Thread Index |
Old Index