Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
RFC 4419

Note: This ballot was opened for revision 05 and is now closed.

(Thomas Narten) Discuss

Discuss (2004-02-05 for -)
>      Copyright (C) 2000-2003 by Markus Friedl, Niels Provos and William
>      A. Simpson.

Document needs to have proper (ISOC) copyright. 

>      The following message numbers have been defined in this document.
>        #define SSH_MSG_KEX_DH_GEX_REQUEST_OLD  30
>        #define SSH_MSG_KEX_DH_GEX_REQUEST      34
>        #define SSH_MSG_KEX_DH_GEX_GROUP        31
>        #define SSH_MSG_KEX_DH_GEX_INIT         32
>        #define SSH_MSG_KEX_DH_GEX_REPLY        33

Shouldn't there be an IANA considerations section for this? Indeed,
looking at draft-ietf-secsh-assignednumbers-05.txt, that document
could make it more clear that the 30-40 range is used for key
exchange-specific methods. In that case, the registry for this range
will have multiple values. If IANA is to record that, it would be good
to make those instructions more clear.

(Russ Housley) Yes

(Harald Alvestrand) No Objection

Comment (2004-02-04 for -)
No email
send info
Copyright is nonstandard. I assume this will be deleted by the RFC Editor.
It seems strange to me that so many DH protocols have used fixed primes without there being any good reason for not just picking your own. But I trust the security reviewers that if there was a risk here (apart from the one Steve cites), they'd know about it.

(Steven Bellovin) (was Discuss) No Objection

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ned Freed) No Objection

(Ted Hardie) No Objection

(David Kessens) No Objection

(Allison Mankin) No Objection

(Jon Peterson) No Objection

Comment (2004-02-04 for -)
No email
send info
Nit: Do we usually apply section numbers to the Abstract, Status of this Memo, and Copyright?

(Mark Townsley) (was Discuss) No Objection

(Bert Wijnen) (was Discuss, No Objection) No Objection

Comment (2004-02-05 for -)
No email
send info
- Hyphenation is in conflict with rfc2223bis

- No specification of what SHOULD, MUST NOT and such mean, and no
  reference to RFC2119

- I wonder if Haralds claim "RFC-Editor will remove Copyright" is
  or can be true? I thought we would not accepts stds track documents
  with these sorts of claims

- Missing IPR statement

- The normative references seem pretty out of date.

- I cannot say that it is easy to find where/how this group negotiation
  fits into the whole picture. I think it would be good if some additional
  text for that were included.

(Alex Zinin) No Objection