<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
    which is available here: http://xml.resource.org. -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- One method to get references from the online citation libraries.
    There has to be one entity for each item to be referenced. 
    An alternate method (rfc include) is described in the references. -->

<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC4419 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4419.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs), 
    please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
    (Here they are set differently than their defaults in xml2rfc v1.32) -->
<?rfc strict="yes" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="4"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space 
    (using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc category="std" docName="draft-lvelvindron-curdle-dh-group-exchange-00" ipr="trust200902">
 <!-- category values: std, bcp, info, exp, and historic
    ipr values: trust200902, noModificationTrust200902, noDerivativesTrust200902,
       or pre5378Trust200902
    you can add the attributes updates="NNNN" and obsoletes="NNNN" 
    they will automatically be output with "(if approved)" -->

 <!-- ***** FRONT MATTER ***** -->

 <front>
   <!-- The abbreviated title is used in the page header - it is only necessary if the 
        full title is longer than 39 characters -->

   <title abbrev="Recommended minimum modulus size">Increase minimum recommended modulus size to 2048 bits</title>

   <!-- add 'role="editor"' below for the editors if appropriate -->

   <!-- Another author who claims to be an editor -->

   <author fullname="Loganaden Velvindron" initials="L.V." role="editor"
           surname="Velvindron">
     <organization>Hackers.mu </organization>

     <address>
       <postal>
         <street>88, Avenue De Plevitz</street>

         <!-- Reorder these if your country does things differently -->

         <city>Roches Brunes</city>

         <region></region>

         <code></code>

         <country>MU</country>
       </postal>

       <phone>+230 59762817</phone>

       <email>logan@hackers.mu</email>

       <!-- uri and facsimile elements may also be added -->
     </address>
   </author>

   <date year="2017" />

   <!-- If the month and year are both specified and are the current ones, xml2rfc will fill 
        in the current day for you. If only the current year is specified, xml2rfc will fill 
	 in the current day and month for you. If the year is not the current one, it is 
	 necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the 
	 purpose of calculating the expiry date).  With drafts it is normally sufficient to 
	 specify just the year. -->

   <!-- Meta-data Declarations -->

   <area>General</area>

   <workgroup>Internet Engineering Task Force</workgroup>

   <!-- WG name at the upperleft corner of the doc,
        IETF is fine for individual submissions.  
	 If this element is not present, the default is "Network Working Group",
        which is used by the RFC Editor as a nod to the history of the IETF. -->

   <keyword>draft</keyword>

   <!-- Keywords will be incorporated into HTML output
        files in a meta tag but they have no effect on text or nroff
        output. If you submit your draft to the RFC Editor, the
        keywords will be used for the search engine. -->

   <abstract>
      <t>The Diffie-Hellman (DH) Group Exchange for the Secure Shell (SSH) Transport Layer Protocol specifies that servers and clients should support groups with a modulus length of k bits, where the recommended minimum value is 1024 bits. Recent security research has shown that a minimum value of 1024 bits is insufficient against state-sponsored actors. As such, this document formally updates <xref target="RFC4419">RFC 4419</xref> such that the minimum recommended value for k is 2048 bits and the group size is 2048 bits at minimum.</t>
   </abstract>
 </front>

 <middle>
   <section title="Introduction">
        <t><xref target="RFC4419">RFC 4419</xref> specifies a recommended minimum size of 1024 bits for k, which is the modulus length of the DH group. It also suggests that, in all cases, the size of the group needs to be at least 1024 bits. This document updates <xref target="RFC4419">RFC 4419</xref> so that the minimum recommended size is 2048 bits.</t>

     <section title="Requirements Language">
       <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
       "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
       document are to be interpreted as described in <xref
       target="RFC2119">RFC 2119</xref>.</t>
     </section>
   </section>

    <section title="2048-bit DH Group">
        <t>
            Recent research <xref target="LOGJAM"/> strongly suggests that 1024-bit DH groups can be broken by state actors, and possibly by an organization with enough computing resources. The authors show how they are able to break a 768-bit DH group and extrapolate the attack to 1024-bit DH groups. In their analysis, they show that breaking 1024 bits can be done with enough computing resources.</t>
        <t>
            This document updates Section 3, Paragraph 9: Servers and clients SHOULD support groups with a modulus length of k bits where 2048 &lt;= k &lt;= 8192. The recommended minimum values for min and max are 2048 and 8192, respectively. This document also updates Section 3, Paragraph 11: In all cases, the size of the group SHOULD be at least 2048 bits.</t>
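        <t>
            The following non-normative example is added for illustration and is not code from RFC 4419 or from any SSH implementation. It shows one way a server could apply the 2048 to 8192 bit bounds to the min, n and max fields of SSH_MSG_KEX_DH_GEX_REQUEST, and one way a client could check the size of the modulus p received in SSH_MSG_KEX_DH_GEX_GROUP. The function names, the decision to clamp or refuse, and the sample messages (whose p values have the right size but are not primes) are assumptions of the example.</t>
        <figure><artwork><![CDATA[
```python
import struct

SSH_MSG_KEX_DH_GEX_GROUP = 31    # message numbers from RFC 4419
SSH_MSG_KEX_DH_GEX_REQUEST = 34
MIN_BITS, MAX_BITS = 2048, 8192  # bounds recommended by this document

def check_gex_request(payload):
    """Server side: validate min/n/max and clamp them to the policy."""
    if len(payload) != 13 or payload[0] != SSH_MSG_KEX_DH_GEX_REQUEST:
        raise ValueError("not a SSH_MSG_KEX_DH_GEX_REQUEST")
    lo, n, hi = struct.unpack(">III", payload[1:])
    if not lo <= n <= hi:
        raise ValueError("request violates min <= n <= max")
    # Assumed local policy: clamp to 2048..8192, refuse if nothing fits.
    lo, hi = max(lo, MIN_BITS), min(hi, MAX_BITS)
    if lo > hi:
        raise ValueError("no size within %d..%d" % (MIN_BITS, MAX_BITS))
    return lo, min(max(n, lo), hi), hi

def read_mpint(buf, off):
    """Decode one SSH mpint: uint32 length, big-endian two's complement."""
    (length,) = struct.unpack_from(">I", buf, off)
    body = buf[off + 4:off + 4 + length]
    if len(body) != length:
        raise ValueError("truncated mpint")
    return int.from_bytes(body, "big", signed=True), off + 4 + length

def check_gex_group(payload, lo, hi):
    """Client side: return the bit length of p, or raise if too small."""
    if not payload or payload[0] != SSH_MSG_KEX_DH_GEX_GROUP:
        raise ValueError("not a SSH_MSG_KEX_DH_GEX_GROUP")
    p, off = read_mpint(payload, 1)
    g, off = read_mpint(payload, off)
    bits = p.bit_length()
    if p <= 0 or not max(lo, MIN_BITS) <= bits <= hi:
        raise ValueError("server offered a %d-bit group" % bits)
    if not 1 < g < p - 1:
        raise ValueError("generator out of range")
    return bits

def mpint(x):
    """Encode a non-negative integer as an SSH mpint (for the samples)."""
    body = x.to_bytes(x.bit_length() // 8 + 1, "big") if x else b""
    return struct.pack(">I", len(body)) + body

# Constructed samples: the p values have the right size, not primality.
LEGACY_REQUEST = struct.pack(">BIII", 34, 1024, 1024, 8192)
WEAK_GROUP = bytes([31]) + mpint((1 << 1023) | 1) + mpint(2)
GOOD_GROUP = bytes([31]) + mpint((1 << 2047) | 1) + mpint(2)
```
]]></artwork></figure>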
   </section>
   <!-- Possibly a 'Contributors' section ... -->

   <section anchor="Security" title="Security Considerations">
     <t> This document discusses security issues of DH groups that are 1024 bits in size, and formally updates the minimum size of DH groups to be 2048 bits.</t>
   </section>
 </middle>

 <!--  *****BACK MATTER ***** -->

 <back>
   <!-- References split into informative and normative -->

   <!-- There are 2 ways to insert reference entries from the citation libraries:
    1. define an ENTITY at the top, and use "ampersand character"RFC2629; here (as shown)
    2. simply use a PI "less than character"?rfc include="reference.RFC.2119.xml"?> here
       (for I-Ds: include="reference.I-D.narten-iana-considerations-rfc2434bis.xml")

    Both are cited textually in the same manner: by using xref elements.
    If you use the PI option, xml2rfc will, by default, try to find included files in the same
    directory as the including file. You can also define the XML_LIBRARY environment variable
    with a value containing a set of directories to search.  These can be either in the local
    filing system or remote ones accessed by http (http://domain/dir/... ).-->

   <references title="Normative References">
     <!--?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?-->
     &RFC2119;
     <!-- &LOGJAM; -->
<reference anchor="LOGJAM"
           target="https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf">
  <front>
    <title>
      Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
    </title>
    <author surname="Adrian" initials="D." fullname="David Adrian">
      <organization>University of Michigan</organization>
    </author>
    <author surname="Bhargavan" initials="K." fullname="Karthikeyan Bhargavan">
      <organization>INRIA Paris-Rocquencourt</organization>
    </author>
    <author surname="Durumeric" initials="Z." fullname="Zakir Durumeric">
      <organization>University of Michigan</organization>
    </author>
    <author surname="Gaudry" initials="P." fullname="Pierrick Gaudry">
      <organization>INRIA Nancy-Grand Est, CNRS, and Université de Lorraine
      </organization>
    </author>
    <author surname="Green" initials="M." fullname="Matthew Green">
      <organization>Johns Hopkins</organization>
    </author>
    <author surname="Halderman" initials="J. A." fullname="J. Alex Halderman">
      <organization>University of Michigan</organization>
    </author>
    <author surname="Heninger" initials="N." fullname="Nadia Heninger">
      <organization> University of Pennsylvania</organization>
    </author>
    <author surname="Springall" initials="D." fullname="Drew Springall">
      <organization>University of Michigan</organization>
    </author>
    <author surname="Thomé" initials="E." fullname="Emmanuel Thomé">
      <organization>INRIA Nancy-Grand Est, CNRS, and Université de Lorraine
      </organization>
    </author>
    <author surname="Valenta" initials="L." fullname="Luke Valenta">
      <organization> University of Pennsylvania</organization>
    </author>
    <author surname="VanderSloot" initials="B."
            fullname="Benjamin VanderSloot">
      <organization>University of Michigan</organization>
    </author>
    <author surname="Wustrow" initials="E." fullname="Eric Wustrow">
      <organization>University of Michigan</organization>
    </author>
    <author surname="Zanella-Béguelin" initials="S."
            fullname="Santiago Zanella-Béguelin">
      <organization>Microsoft Research</organization>
    </author>
    <author surname="Zimmermann" initials="P."
            fullname="Paul Zimmermann">
      <organization>University of Michigan</organization>
    </author>
    <date year="2015"/>
  </front>
  <seriesInfo
      name="ACM Conference on Computer and Communications Security (CCS)"
      value="2015" />
</reference>

   </references>

   <references title="Informative References">
     <!-- Here we use entities that we defined at the beginning. -->
     
     &RFC4419;

      <!-- A reference written by an organization not a person. -->


   </references>


   <!-- Change Log

v00 2006-03-15  EBD   Initial version

v01 2006-04-03  EBD   Moved PI location back to position 1 -
                     v3.1 of XMLmind is better with them at this location.
v02 2007-03-07  AH    removed extraneous nested_list attribute,
                     other minor corrections
v03 2007-03-09  EBD   Added comments on null IANA sections and fixed heading capitalization.
                     Modified comments around figure to reflect non-implementation of
                     figure indent control.  Put in reference using anchor="DOMINATION".
                     Fixed up the date specification comments to reflect current truth.
v04 2007-03-09 AH     Major changes: shortened discussion of PIs,
                     added discussion of rfc include.
v05 2007-03-10 EBD    Added preamble to C program example to tell about ABNF and alternative 
                     images. Removed meta-characters from comments (causes problems).

v06 2010-04-01 TT     Changed ipr attribute values to latest ones. Changed date to
                     year only, to be consistent with the comments. Updated the 
                     IANA guidelines reference from the I-D to the finished RFC.  -->
 </back>
</rfc>
