Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits
RFC 8270

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: The IESG <>,,, Daniel Migault <>,,,,
Subject: Protocol Action: 'Increase SSH minimum recommended DH modulus size to 2048 bits' to Proposed Standard (draft-ietf-curdle-ssh-dh-group-exchange-06.txt)

The IESG has approved the following document:
- 'Increase SSH minimum recommended DH modulus size to 2048 bits'
  (draft-ietf-curdle-ssh-dh-group-exchange-06.txt) as Proposed Standard

This document is the product of the CURves, Deprecating and a Little more
Encryption Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:

Technical Summary

  The Diffie-Hellman (DH) Group Exchange for the Secure Shell (SSH)
Transport layer Protocol specifies that servers and clients should
support groups with a modulus length of k bits, where the recommended
minumum value is 1024 bits.  Recent security research has shown that
a minimum value of 1024 bits is insufficient against state-sponsored
actors.  As such, this document formally updates the specification
such that the minimum recommended value for k is 2048 bits and the
group size is 2048 bits at minimum.  This RFC updates RFC4419 which
allowed for DH moduli less than 2048 bits.

The update of RFC 4419 is mentioned in the header, the abstract and the introduction. 

Working Group Summary

 No controversy were noted

Document Quality

At least one Open Source implementation has implemented this:


   Daniel Migault is the document shepherd, Eric Rescorla is the AD.