Note: This ballot was opened for revision 05 and is now closed.
I share the questions about "SHOULD" vs "MUST". - abstract: "insufficient against state-sponsored actors, and possibly an organization with enough computing resources" Should "an" be "any"? (Same question for section 2).
Minor nit: Section 2. 2048 bits DH Group "It also suggests that in all cases, the size of the group needs be at least 1024 bits.This document updates [RFC4419] as described below:" s/bits.This/bits. This/ (missing space).
1) Can you explain why the pre-5378 boilerplate is used? 2) I guess RFC4419 should be a normative reference!
I do agree with Spencer, the text that is non-normative reads as if this is fully deprecating any recommendation below 2048, but then the normative text just says SHOULD. Is there a reason this is not MUST? I know deprecating things takes a long time.
Sue, in her OPS DIR review, brought up a good point. This document does not indicate whether it is wise for the operations system to log a report if it receives a less than 2048 bits. Would this enhance security or provide DoS attack surface. If logging creates a DoS surface, it would be good to include this as operational advice.
So, I see that the recommendations are mostly SHOULDs. Is this, perhaps, for backward compatibility with SSH implementations that don't implement this specification? This isn't remotely something I'm smart about, but I do wonder about bid-down attacks to, say, 1024. Is that possible?
RFC4419 specifies an example in Appendix A that uses a 1024 bit safe prime. Shouldn't this Appendix be updated by the draft as well?