Date: Sun, 26 Nov 2000 18:57:16 -0400
From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To: Niels Provos <provos@citi.umich.edu>
Cc: Kris Kennaway <kris@FreeBSD.ORG>, "Brian F. Feldman" <green@FreeBSD.ORG>, security@FreeBSD.ORG
Subject: Re: OpenSSH 2.3.0 pre-upgrade
Message-ID: <3A21954C.F9E9D25F@vangelderen.org>
References: <20001126215625.21D89207C1@citi.umich.edu>
Hi Niels,
Niels Provos wrote:
>
> Hi,
>
> Jeroen C. van Gelderen wrote:
> >You happen to know who came up with the non-standard
> >extension to the SSH2 protocol that allows these primes
> >to be used??
> The key exchange is documented in
>
> Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol
> draft-provos-secsh-dh-group-exchange-00.txt
>
> All rationale is contained within.
Ah! Thanks for the reference. You might want to publish
a reference to it (and the other I-D/RFCs) on openssh.com.
I do like the idea behind this new SSH2 key exchange but
I have a question: how does the client detect cooked primes?
Or at a more basic level: Are cooked primes a problem in
this setting?[1] If not, you want to mention this as a
non-issue in the "Security Considerations" section. If
cooked primes are indeed a problem the protocol needs to
be enhanced to counter them. Either way, the draft needs
a couple of extra words IMHO.
Anyway, my assumption that dh-group-exchange is non-standard
still holds as far as I can see so I'd still recommend not
enabling this feature by default for now.
What steps have to be taken to have this standardized? Is this
proposal being considered by the IETF secsh working group?
Cheers,
Jeroen
[1] My gut feeling says that cooked primes could cause
privacy and repudiation problems; I may very well be
wrong.
--
Jeroen C. van Gelderen - jeroen@vangelderen.org
"It is not utopian to work for a society without taxation;
it is utopian to think that the power to tax won't be abused
once it is granted." -- Murray N. Rothbard (1926-1995)
