IETF-SSH archive


Re: [Curdle] sntrup761x25519-sha512



I think it is problematic that the registration procedure for "Key Exchange Method Names" is "IETF Review". Most of the registries are strings so there is no limit to the number of code points. It would have been good if draft-josefsson-ntruprime-ssh could have made the registration.

 

- I don't think IETF should reopen CURDLE for registering NTRU Prime.

- I do think IETF should reopen CURDLE for registering the standardized NIST algorithms.

- I think IETF should change the registration policies for the SSH registries.

 

>It doesn't work -- sntrup761 is used widely on the Internet today and
>will continue to be used.  What decision could NIST make that would
>affect anything for sntrup761x25519-sha512?  The algorithm has been
>stable since 2017.  Deferring publication of protocol specifications
>until some external organization has made some unrelated decision is an
>active decision that is harmful to Internet security, in my opinion.
>Organization will continue to harvest data that will be decrypted in the
>future, and this is contrary to the goals of the IETF.  It is similar to
>say that we shouldn't have published Curve25519 because it wasn't
>published by NIST.  Or ChaCha20.  Or TLS 1.3.  Or OpenPGP.  Or just
>about anything that the IETF has ever published.

 

I think SSH in the future should move to the final NIST standards. This is not similar to Curve25519 and ChaCha20. They were both published by CFRG. There is a huge difference between an academic paper describing a new algorithm and interoperable specifications like the ones produced by CFRG.

 

Cheers,

John

 

From: Curdle <curdle-bounces%ietf.org@localhost> on behalf of Niels Möller <nisse%lysator.liu.se@localhost>
Date: Tuesday, 16 May 2023 at 11:33
To: Simon Josefsson <simon%josefsson.org@localhost>
Cc: Salz, Rich <rsalz=40akamai.com%dmarc.ietf.org@localhost>, Mark Baushke (ietf) <mbaushke%gmail.com@localhost>, Simo Sorce <simo%redhat.com@localhost>, curdle%ietf.org@localhost <curdle%ietf.org@localhost>, ietf-ssh%netbsd.org@localhost <ietf-ssh%netbsd.org@localhost>
Subject: Re: [Curdle] sntrup761x25519-sha512

Simon Josefsson <simon%josefsson.org@localhost> writes:

> "Salz, Rich" <rsalz=40akamai.com%dmarc.ietf.org@localhost> writes:
>
>> Nice to hear from you Mark!
>>
>>> I personally believe that using the @openssh.com extension is
>> sufficient until final NIST candidate parameters are published.
>>
>> Okay, if that works, then that makes sense :)
>
> It doesn't work -- sntrup761 is used widely on the Internet today and
> will continue to be used.

I'm not sure who's quoting who here.

But to me, documenting the way it's currently used in openssh (and
possible other implementations) seems like a great thing.

Then if the algorithm id for it is in the @openssh.org namespace, or
@josefsson.org, or an alias is defined in the iana namespace (no @...
suffix) is a detail of a lot less importance. I'd expect the currently
deployed stuff use an @openssh.org name?

Regards,
/Niels

--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
