Technical Summary
Relevant content can frequently be found in the abstract
and/or introduction of the document. If not, this may be
an indication that there are deficiencies in the abstract
or introduction.
This document defines added Modular Exponential (MODP) Groups for the
Secure Shell (SSH) protocol using SHA-2 hashes.
Working Group Summary
Was there anything in WG process that is worth noting? For
example, was there controversy about particular points or
were there decisions where the consensus was particularly
rough?
The document received few reviews on the mailing list. However,
discussions took place on:
- choosing IKE vs TLS primes
- choosing fixed primes versus random.
The consensus for this document was to restrict it to the primes defined for IKE.
Are there existing implementations of the protocol? Have a
significant number of vendors indicated their plan to
implement the specification? Are there any reviewers that
merit special mention as having done a thorough review,
e.g., one that resulted in important changes or a
conclusion that the document had no substantive issues? If
there was a MIB Doctor, Media Type or other expert review,
what was its course (briefly)? In the case of a Media Type
review, on what date was the request posted?
The draft describes the following key exchange algorithms:
* diffie-hellman-group14-sha256
* diffie-hellman-group15-sha512
* diffie-hellman-group16-sha512
* diffie-hellman-group17-sha512
* diffie-hellman-group18-sha512
These suites have been at least partially implemented. [00],[2]
* OpenSSH has already implemented and distributed at least diffie-hellman-group14-sha256 [0]
* Dropbear has preliminary support for diffie-hellman-group14-sha256 by Matt Johnston [1]
* RLogin supports dh-group{14,15,16}-sha256 since version 2.19.8 [3].
* Tera Term has committed dh-group{14,15,16}-sha256 support to trunk, and it will be included in the next release. [4]
* Poderosa [5] has committed to supporting dh-group{14,15,16}-sha256, and a pull request has been sent [6].
[00] http://ssh-comparison.quendi.de/comparison/kex.html
[0] https://jbeekman.nl/blog/2015/05/ssh-logjam/
[1] http://www.ietf.org/mail-archive/web/secsh/current/msg01119.html
[2] http://www.ietf.org/mail-archive/web/secsh/current/msg01139.html
[3] http://nanno.dip.jp/softlib/man/rlogin/
[4] https://en.osdn.jp/projects/ttssh2/scm/svn/commits/6263
[5] http://poderosa.sourceforge.net/
[6] https://github.com/poderosaproject/poderosa/pull/17