Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits
draft-ietf-curdle-ssh-dh-group-exchange-06
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-12-05
|
06 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-10-31
|
06 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-10-31
|
06 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2017-09-25
|
06 | (System) | RFC Editor state changed to EDIT |
2017-09-25
|
06 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-09-25
|
06 | (System) | Announcement was received by RFC Editor |
2017-09-25
|
06 | (System) | IANA Action state changed to No IC from In Progress |
2017-09-25
|
06 | (System) | IANA Action state changed to In Progress |
2017-09-25
|
06 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2017-09-25
|
06 | Cindy Morgan | IESG has approved the document |
2017-09-25
|
06 | Cindy Morgan | Closed "Approve" ballot |
2017-09-25
|
06 | Cindy Morgan | Ballot approval text was generated |
2017-09-25
|
06 | Cindy Morgan | Ballot writeup was changed |
2017-09-23
|
06 | Eric Rescorla | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed |
2017-09-22
|
06 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2017-09-22
|
06 | Loganaden Velvindron | New version available: draft-ietf-curdle-ssh-dh-group-exchange-06.txt |
2017-09-22
|
06 | (System) | New version approved |
2017-09-22
|
06 | (System) | Request for posting confirmation emailed to previous authors: Loganaden Velvindron , Mark Baushke |
2017-09-22
|
06 | Loganaden Velvindron | Uploaded new revision |
2017-09-20
|
05 | Tero Kivinen | Closed request for Last Call review by SECDIR with state 'No Response' |
2017-09-14
|
05 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2017-09-13
|
05 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2017-09-13
|
05 | Suresh Krishnan | [Ballot comment] RFC4419 specifies an example in Appendix A that uses a 1024 bit safe prime. Shouldn't this Appendix be updated by the draft as … [Ballot comment] RFC4419 specifies an example in Appendix A that uses a 1024 bit safe prime. Shouldn't this Appendix be updated by the draft as well? |
2017-09-13
|
05 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2017-09-13
|
05 | Benoît Claise | [Ballot comment] Sue, in her OPS DIR review, brought up a good point. This document does not indicate whether it is wise for the operations … [Ballot comment] Sue, in her OPS DIR review, brought up a good point. This document does not indicate whether it is wise for the operations system to log a report if it receives a less than 2048 bits. Would this enhance security or provide DoS attack surface. If logging creates a DoS surface, it would be good to include this as operational advice. |
2017-09-13
|
05 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2017-09-13
|
05 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2017-09-13
|
05 | Ben Campbell | [Ballot comment] I share the questions about "SHOULD" vs "MUST". - abstract: "insufficient against state-sponsored actors, and possibly an organization with enough computing resources" … [Ballot comment] I share the questions about "SHOULD" vs "MUST". - abstract: "insufficient against state-sponsored actors, and possibly an organization with enough computing resources" Should "an" be "any"? (Same question for section 2). |
2017-09-13
|
05 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2017-09-13
|
05 | Kathleen Moriarty | [Ballot comment] I do agree with Spencer, the text that is non-normative reads as if this is fully deprecating any recommendation below 2048, but then … [Ballot comment] I do agree with Spencer, the text that is non-normative reads as if this is fully deprecating any recommendation below 2048, but then the normative text just says SHOULD. Is there a reason this is not MUST? I know deprecating things takes a long time. |
2017-09-13
|
05 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2017-09-13
|
05 | Susan Hares | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Susan Hares. Sent review to list. |
2017-09-12
|
05 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2017-09-12
|
05 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2017-09-12
|
05 | Adam Roach | [Ballot Position Update] New position, Yes, has been recorded for Adam Roach |
2017-09-12
|
05 | Spencer Dawkins | [Ballot comment] So, I see that the recommendations are mostly SHOULDs. Is this, perhaps, for backward compatibility with SSH implementations that don't implement this specification? … [Ballot comment] So, I see that the recommendations are mostly SHOULDs. Is this, perhaps, for backward compatibility with SSH implementations that don't implement this specification? This isn't remotely something I'm smart about, but I do wonder about bid-down attacks to, say, 1024. Is that possible? |
2017-09-12
|
05 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2017-09-11
|
05 | Warren Kumari | [Ballot comment] Minor nit: Section 2. 2048 bits DH Group "It also suggests that in all cases, the size of the group needs be at … [Ballot comment] Minor nit: Section 2. 2048 bits DH Group "It also suggests that in all cases, the size of the group needs be at least 1024 bits.This document updates [RFC4419] as described below:" s/bits.This/bits. This/ (missing space). |
2017-09-11
|
05 | Warren Kumari | [Ballot Position Update] New position, Yes, has been recorded for Warren Kumari |
2017-09-11
|
05 | Alexey Melnikov | [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov |
2017-09-04
|
05 | Mirja Kühlewind | [Ballot comment] 1) Can you explain why the pre-5378 boilerplate is used? 2) I guess RFC4419 should be a normative reference! |
2017-09-04
|
05 | Mirja Kühlewind | Ballot comment text updated for Mirja Kühlewind |
2017-09-04
|
05 | Mirja Kühlewind | [Ballot comment] 1) Can you explain why the pre-5378 boilerplate is used? 2) I guess RFC4419 should be normative reference! |
2017-09-04
|
05 | Mirja Kühlewind | [Ballot Position Update] New position, Yes, has been recorded for Mirja Kühlewind |
2017-08-18
|
05 | Eric Rescorla | IESG state changed to IESG Evaluation from Waiting for Writeup |
2017-08-18
|
05 | Eric Rescorla | Placed on agenda for telechat - 2017-09-14 |
2017-08-18
|
05 | Eric Rescorla | Ballot has been issued |
2017-08-18
|
05 | Eric Rescorla | [Ballot Position Update] New position, Yes, has been recorded for Eric Rescorla |
2017-08-18
|
05 | Eric Rescorla | Created "Approve" ballot |
2017-08-18
|
05 | Eric Rescorla | Ballot writeup was changed |
2017-07-30
|
05 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2017-07-26
|
05 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2017-07-26
|
05 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has reviewed draft-ietf-curdle-ssh-dh-group-exchange-04, which is currently in Last Call, and has the following comments: We … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has reviewed draft-ietf-curdle-ssh-dh-group-exchange-04, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal IANA Services Specialist PTI |
2017-07-25
|
05 | Pete Resnick | Request for Last Call review by GENART Completed: Ready. Reviewer: Pete Resnick. Sent review to list. |
2017-07-20
|
05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Daniel Franke |
2017-07-20
|
05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Daniel Franke |
2017-07-20
|
05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Pete Resnick |
2017-07-20
|
05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Pete Resnick |
2017-07-17
|
05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Susan Hares |
2017-07-17
|
05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Susan Hares |
2017-07-17
|
05 | Loganaden Velvindron | New version available: draft-ietf-curdle-ssh-dh-group-exchange-05.txt |
2017-07-17
|
05 | (System) | New version approved |
2017-07-17
|
05 | (System) | Request for posting confirmation emailed to previous authors: Loganaden Velvindron , Mark Baushke |
2017-07-17
|
05 | Loganaden Velvindron | Uploaded new revision |
2017-07-16
|
04 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2017-07-16
|
04 | Cindy Morgan | The following Last Call announcement was sent out (ends 2017-07-30): From: The IESG To: IETF-Announce CC: ekr@rtfm.com, draft-ietf-curdle-ssh-dh-group-exchange@ietf.org, Daniel Migault , curdle-chairs@ietf.org, … The following Last Call announcement was sent out (ends 2017-07-30): From: The IESG To: IETF-Announce CC: ekr@rtfm.com, draft-ietf-curdle-ssh-dh-group-exchange@ietf.org, Daniel Migault , curdle-chairs@ietf.org, curdle@ietf.org, daniel.migault@ericsson.com Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Increase SSH minimum recommended DH modulus size to 2048 bits) to Proposed Standard The IESG has received a request from the CURves, Deprecating and a Little more Encryption WG (curdle) to consider the following document: - 'Increase SSH minimum recommended DH modulus size to 2048 bits' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2017-07-30. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Diffie-Hellman (DH) Group Exchange for the Secure Shell (SSH) Transport layer Protocol specifies that servers and clients should support groups with a modulus length of k bits, where the recommended minumum value is 1024 bits. Recent security research has shown that a minimum value of 1024 bits is insufficient against state-sponsored actors. As such, this document formally updates the specification such that the minimum recommended value for k is 2048 bits and the group size is 2048 bits at minimum. This RFC updates RFC4419 which allowed for DH moduli less than 2048 bits. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-dh-group-exchange/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-dh-group-exchange/ballot/ No IPR declarations have been submitted directly on this I-D. |
2017-07-16
|
04 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2017-07-16
|
04 | Eric Rescorla | Last call was requested |
2017-07-16
|
04 | Eric Rescorla | Last call announcement was generated |
2017-07-16
|
04 | Eric Rescorla | Ballot approval text was generated |
2017-07-16
|
04 | Eric Rescorla | Ballot writeup was generated |
2017-07-16
|
04 | Eric Rescorla | IESG state changed to Last Call Requested from Publication Requested |
2017-07-11
|
04 | Daniel Migault | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? The intended status is "Standards Track". This is the appropriated status as the document updates RFC 4419 which is of type "Standards Track". The type is also justified as the document affects interoperability. This document formally updates the specification such that the minimum recommended value for k is 2048 bits and the group size is 2048 bits at minimum. This RFC updates RFC4419 which allowed for DH moduli less than 2048 bits. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. The Diffie-Hellman (DH) Group Exchange for the Secure Shell (SSH) Transport layer Protocol specifies that servers and clients should support groups with a modulus length of k bits, where the recommended minumum value is 1024 bits. Recent security research has shown that a minimum value of 1024 bits is insufficient against state-sponsored actors. As such, this document formally updates the specification such that the minimum recommended value for k is 2048 bits and the group size is 2048 bits at minimum. This RFC updates RFC4419 which allowed for DH moduli less than 2048 bits. The update of RFC 4419 is mentioned in the header, the abstract and the introduction. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? No controversy were noted. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? At least one Open Source implementation has implemented this: OpenSSH: http://freshbsd.org/commit/openbsd/2a2c1e4e7e3fcc787fa334f50347ee1d282fac45 Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Daniel Migault is the document shepherd, Eric Rescola is the AD. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. I reviewed the document and I think it is ready. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. I have no concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. The authors conformed they are not aware of any IPR. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. This does not apply here. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The WG agree with it. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No. (11) Identify any ID nits the Document Shepherd has found in this document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. The nits provides the following below. The disclaimer might seem necessary as the current document describes how RFC4419 is updated by the current document. -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at http://trustee.ietf.org/license-info for more information.) (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This document changes the status of RFC4419. This is mentioned in the header, abstract and introduction. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). There is no IANA considerations. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. This does not apply here. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. This does not apply here. |
2017-07-11
|
04 | Daniel Migault | Responsible AD changed to Eric Rescorla |
2017-07-11
|
04 | Daniel Migault | IETF WG state changed to Submitted to IESG for Publication from In WG Last Call |
2017-07-11
|
04 | Daniel Migault | IESG state changed to Publication Requested |
2017-07-11
|
04 | Daniel Migault | IESG process started in state Publication Requested |
2017-07-11
|
04 | Daniel Migault | Changed document writeup |
2017-07-11
|
04 | Daniel Migault | Changed document writeup |
2017-06-22
|
04 | Loganaden Velvindron | New version available: draft-ietf-curdle-ssh-dh-group-exchange-04.txt |
2017-06-22
|
04 | (System) | New version approved |
2017-06-22
|
04 | (System) | Request for posting confirmation emailed to previous authors: Loganaden Velvindron , Mark Baushke |
2017-06-22
|
04 | Loganaden Velvindron | Uploaded new revision |
2017-06-21
|
03 | Loganaden Velvindron | New version available: draft-ietf-curdle-ssh-dh-group-exchange-03.txt |
2017-06-21
|
03 | (System) | New version approved |
2017-06-21
|
03 | (System) | Request for posting confirmation emailed to previous authors: Loganaden Velvindron , Mark Baushke |
2017-06-21
|
03 | Loganaden Velvindron | Uploaded new revision |
2017-06-21
|
02 | Daniel Migault | IETF WG state changed to In WG Last Call from WG Document |
2017-06-20
|
02 | Loganaden Velvindron | New version available: draft-ietf-curdle-ssh-dh-group-exchange-02.txt |
2017-06-20
|
02 | (System) | New version approved |
2017-06-20
|
02 | (System) | Request for posting confirmation emailed to previous authors: Loganaden Velvindron , Mark Baushke |
2017-06-20
|
02 | Loganaden Velvindron | Uploaded new revision |
2017-06-12
|
01 | Daniel Migault | Changed document writeup |
2017-06-12
|
01 | Daniel Migault | Changed document writeup |
2017-06-12
|
01 | Daniel Migault | Changed document writeup |
2017-06-11
|
01 | Daniel Migault | Changed document writeup |
2017-06-11
|
01 | Daniel Migault | Changed consensus to Yes from Unknown |
2017-06-11
|
01 | Daniel Migault | Intended Status changed to Proposed Standard from None |
2017-06-11
|
01 | Daniel Migault | Notification list changed to Daniel Migault <daniel.migault@ericsson.com> |
2017-06-11
|
01 | Daniel Migault | Document shepherd changed to Daniel Migault |
2017-05-18
|
01 | Loganaden Velvindron | New version available: draft-ietf-curdle-ssh-dh-group-exchange-01.txt |
2017-05-18
|
01 | (System) | New version approved |
2017-05-18
|
01 | (System) | Request for posting confirmation emailed to previous authors: Loganaden Velvindron , curdle-chairs@ietf.org, Mark Baushke |
2017-05-18
|
01 | Loganaden Velvindron | Uploaded new revision |
2017-05-16
|
00 | Loganaden Velvindron | New version available: draft-ietf-curdle-ssh-dh-group-exchange-00.txt |
2017-05-16
|
00 | (System) | WG -00 approved |
2017-05-12
|
00 | Loganaden Velvindron | Set submitter to "Loganaden Velvindron ", replaces to (none) and sent approval email to group chairs: curdle-chairs@ietf.org |
2017-05-12
|
00 | Loganaden Velvindron | Uploaded new revision |