Re: DH Group Exchange Fallback


 



Do I understand correctly that you find the security of group 14 unacceptable, and yet you left it enabled?

On 9/22/17, 2:01 PM, "Joseph S Testa II" <jtesta@xxxxxxxxxxxxxxxxxxxx> wrote:

    On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:
    > On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:
    >>      I gotta say... having a fallback mechanism here seems pretty
    >> strange.  The entire point of the group exchange is to use a dynamic
    >> group and not a static one.
    > 
    > fwiw, i think dynamic groups for DHE key exchange is intrinsically
    > problematic when there is any computational expense in validating the
    > quality of the group parameters.
    
    While some may agree with this, the fact remains that the current 
    implementation isn't working as expected.  I'm interested in correcting 
    the behavior.
    
        - Joe
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@xxxxxxxxxxx
    https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
    
