Generic Security Service Application Program Interface (GSS-API) Key Exchange with SHA-2
draft-ietf-curdle-gss-keyex-sha2-10
Approval announcement
Draft of message to be sent after approval:
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: draft-ietf-curdle-gss-keyex-sha2@ietf.org, curdle@ietf.org, The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, daniel.migault@ericsson.com, kaduk@mit.edu, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'GSS-API Key Exchange with SHA2' to Proposed Standard (draft-ietf-curdle-gss-keyex-sha2-10.txt)
The IESG has approved the following document:
- 'GSS-API Key Exchange with SHA2'
(draft-ietf-curdle-gss-keyex-sha2-10.txt) as Proposed Standard
This document is the product of the CURves, Deprecating and a Little more
Encryption Working Group.
The IESG contact persons are Benjamin Kaduk and Roman Danyliw.
A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-curdle-gss-keyex-sha2/
Technical Summary
This document specifies additions and amendments to SSH GSS-API
Methods [RFC4462]. It defines a new key exchange method that uses
SHA-2 for integrity and deprecates weak DH groups. The purpose of
this specification is to modernize the cryptographic primitives used
by GSS Key Exchanges.
Working Group Summary
No serious issues were raised with this document, but it received little
feedback overall.
Document Quality
The only currently know implementation are patches for OpenSSH in Fedora:
https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-7.5p1-gssapi-kex-with-ec.patch
Personnel
Daniel Migault is the document shepherd.
Benjamin Kaduk is the responsible Area Director.
RFC Editor Note
In Section 5.1, sixth paragraph, please remove "according
to Section 4 of [RFC5656]" from the first sentence; that reference
is incorrect and RFC 7546 is (correctly) cited three paragraphs earlier.