Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt

To: James Ralston <ralston%pobox.com@localhost>
Subject: Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
From: mbaushke ietf <mbaushke.ietf%gmail.com@localhost>
Date: Wed, 12 May 2021 12:04:07 -0700

Hi Folks,

Other than this change in section 3.1.2 suggested by Simon Tatham

$ diff -u draft-ietf-curdle-ssh-kex-sha2-17.txt draft-ietf-curdle-ssh-kex-sha2-18.txt
--- draft-ietf-curdle-ssh-kex-sha2-17.txt	2021-04-22 12:59:36.000000000 -0700
+++ draft-ietf-curdle-ssh-kex-sha2-18.txt	2021-05-12 12:00:55.000000000 -0700
@@ -483,12 +483,12 @@

    Curve448 provides more security strength than Curve25519 at a higher
    computational and bandwidth cost.  The corresponding key exchange
-   methods use SHA2-512 (also known as SHA-512) defined in [RFC6234] for
-   integrity is a reasonable one for both the KDF and integrity for use
-   with both gss and non-gss uses of curve448 key exchange methods.
-   These key exchange methods are described in [RFC8731] and [RFC8732]
-   and are similar to the IKEv2 key agreement described in [RFC8031].
-   The curve448-sha512 key exchange method MAY be implemented.  The gss-
+   methods use SHA2-512 (also known as SHA-512) defined in [RFC6234].
+   SHA2-512 is a reasonable hash in both the KDF and integrity in both
+   gss and non-gss uses of curve448 key exchange methods.  These key
+   exchange methods are described in [RFC8731] and [RFC8732] and are
+   similar to the IKEv2 key agreement described in [RFC8031].  The
+   curve448-sha512 key exchange method MAY be implemented.  The gss-
    curve448-sha512-* key exchange method MAY also be implemented because
    it shares the same performance and security characteristics as
    curve448-sha512.

diff -u -r1.1 draft-ietf-curdle-ssh-kex-sha2-18.xml
--- draft-ietf-curdle-ssh-kex-sha2-18.xml	2021/04/22 19:48:58	1.1
+++ draft-ietf-curdle-ssh-kex-sha2-18.xml	2021/04/23 06:41:30
@@ -783,11 +783,11 @@
             The corresponding key exchange methods use SHA2-512 (also
             known as SHA-512) defined in

-            <xref target="RFC6234" format="default"/>
+            <xref target="RFC6234" format="default"/>.

-            for integrity is a reasonable one for both the KDF and
-            integrity for use with both gss and non-gss uses of
-            curve448 key exchange methods.
+            SHA2-512 is a reasonable hash in both the KDF and
+            integrity in both gss and non-gss uses of curve448 key
+            exchange methods.

             These key exchange methods are described in

Is there anything else to be addressed in this draft?

        -- Mark Baushke
        mbaushke.ietf%gmail.com@localhost

Follow-Ups:
- Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
  - From: Benjamin Kaduk

References:
- Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
  - From: mbaushke ietf
- Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
  - From: James Ralston

Prev by Date: Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
Next by Date: Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
Previous by Thread: Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
Next by Thread: Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-kex-sha2-17.txt
Indexes:

Home | Main Index | Thread Index | Old Index