Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits
draft-ietf-curdle-ssh-dh-group-exchange-06
Yes
(Adam Roach)
(Alexey Melnikov)
(Eric Rescorla)
No Objection
(Alia Atlas)
(Alvaro Retana)
(Deborah Brungard)
(Terry Manderson)
Note: This ballot was opened for revision 05 and is now closed.
Warren Kumari
Yes
Comment
(2017-09-11 for -05)
Unknown
Minor nit: Section 2. 2048 bits DH Group "It also suggests that in all cases, the size of the group needs be at least 1024 bits.This document updates [RFC4419] as described below:" s/bits.This/bits. This/ (missing space).
Adam Roach Former IESG member
Yes
Yes
(for -05)
Unknown
Alexey Melnikov Former IESG member
Yes
Yes
(for -05)
Unknown
Ben Campbell Former IESG member
Yes
Yes
(2017-09-13 for -05)
Unknown
I share the questions about "SHOULD" vs "MUST". - abstract: "insufficient against state-sponsored actors, and possibly an organization with enough computing resources" Should "an" be "any"? (Same question for section 2).
Eric Rescorla Former IESG member
Yes
Yes
(for -05)
Unknown
Kathleen Moriarty Former IESG member
Yes
Yes
(2017-09-13 for -05)
Unknown
I do agree with Spencer, the text that is non-normative reads as if this is fully deprecating any recommendation below 2048, but then the normative text just says SHOULD. Is there a reason this is not MUST? I know deprecating things takes a long time.
Mirja Kühlewind Former IESG member
Yes
Yes
(2017-09-04 for -05)
Unknown
1) Can you explain why the pre-5378 boilerplate is used? 2) I guess RFC4419 should be a normative reference!
Alia Atlas Former IESG member
No Objection
No Objection
(for -05)
Unknown
Alvaro Retana Former IESG member
No Objection
No Objection
(for -05)
Unknown
Benoît Claise Former IESG member
No Objection
No Objection
(2017-09-13 for -05)
Unknown
Sue, in her OPS DIR review, brought up a good point. This document does not indicate whether it is wise for the operations system to log a report if it receives a less than 2048 bits. Would this enhance security or provide DoS attack surface. If logging creates a DoS surface, it would be good to include this as operational advice.
Deborah Brungard Former IESG member
No Objection
No Objection
(for -05)
Unknown
Spencer Dawkins Former IESG member
No Objection
No Objection
(2017-09-12 for -05)
Unknown
So, I see that the recommendations are mostly SHOULDs. Is this, perhaps, for backward compatibility with SSH implementations that don't implement this specification? This isn't remotely something I'm smart about, but I do wonder about bid-down attacks to, say, 1024. Is that possible?
Suresh Krishnan Former IESG member
No Objection
No Objection
(2017-09-13 for -05)
Unknown
RFC4419 specifies an example in Appendix A that uses a 1024 bit safe prime. Shouldn't this Appendix be updated by the draft as well?
Terry Manderson Former IESG member
No Objection
No Objection
(for -05)
Unknown