Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits
draft-ietf-curdle-ssh-dh-group-exchange-06

Yes

Warren Kumari

(Adam Roach)

(Alexey Melnikov)

(Ben Campbell)

(Eric Rescorla)

(Kathleen Moriarty)

(Mirja Kühlewind)

No Objection

(Alia Atlas)

(Alvaro Retana)

(Benoît Claise)

(Deborah Brungard)

(Spencer Dawkins)

(Suresh Krishnan)

(Terry Manderson)

Note: This ballot was opened for revision 05 and is now closed.

Warren Kumari

Yes

Comment (2017-09-11 for -05) Unknown

Minor nit:

Section 2.  2048 bits DH Group
"It also suggests that in all cases, the size of the group needs be at least 1024 bits.This document updates [RFC4419] as described below:"
s/bits.This/bits. This/ (missing space).

Adam Roach Former IESG member

Yes

Yes (for -05) Unknown

Alexey Melnikov Former IESG member

Yes

Yes (for -05) Unknown

Ben Campbell Former IESG member

Yes

Yes (2017-09-13 for -05) Unknown

I share the questions about "SHOULD" vs "MUST".

- abstract: "insufficient against state-sponsored
   actors, and possibly an organization with enough computing resources"

Should "an" be "any"?  (Same question for section 2).

Eric Rescorla Former IESG member

Yes

Yes (for -05) Unknown

Kathleen Moriarty Former IESG member

Yes

Yes (2017-09-13 for -05) Unknown

I do agree with Spencer, the text that is non-normative reads as if this is fully deprecating any recommendation below 2048, but then the normative text just says SHOULD.  Is there a reason this is not MUST?  I know deprecating things takes a long time.

Mirja Kühlewind Former IESG member

Yes

Yes (2017-09-04 for -05) Unknown

1) Can you explain why the pre-5378 boilerplate is used? 

2) I guess RFC4419 should be a normative reference!

Alia Atlas Former IESG member

No Objection

No Objection (for -05) Unknown

Alvaro Retana Former IESG member

No Objection

No Objection (for -05) Unknown

Benoît Claise Former IESG member

No Objection

No Objection (2017-09-13 for -05) Unknown

Sue, in her OPS DIR review, brought up a good point.
This document does not indicate whether it is wise for the operations system to log a report if it receives a less than 2048 bits.  
Would this enhance security or provide DoS attack surface.   If logging creates a DoS surface, it would be good to include this as operational advice.

Deborah Brungard Former IESG member

No Objection

No Objection (for -05) Unknown

Spencer Dawkins Former IESG member

No Objection

No Objection (2017-09-12 for -05) Unknown

So, I see that the recommendations are mostly SHOULDs. 

Is this, perhaps, for backward compatibility with SSH implementations that don't implement this specification?

This isn't remotely something I'm smart about, but I do wonder about bid-down attacks to, say, 1024. Is that possible?

Suresh Krishnan Former IESG member

No Objection

No Objection (2017-09-13 for -05) Unknown

RFC4419 specifies an example in Appendix A that uses a 1024 bit safe prime. Shouldn't this Appendix be updated by the draft as well?

Terry Manderson Former IESG member

No Objection

No Objection (for -05) Unknown

Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits draft-ietf-curdle-ssh-dh-group-exchange-06

Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits
draft-ietf-curdle-ssh-dh-group-exchange-06