idnits 2.17.1 

draft-lvelvindron-dh-group-exchange-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The abstract seems to contain references ([RFC4419]), which it
     shouldn't.  Please replace those with straight textual mentions of the
     documents in question.

  -- The abstract seems to indicate that this document updates RFC4419, but
     the header doesn't have an 'Updates:' line to match this.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 10, 2017) is 2603 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'LOGJAM' is mentioned on line 81, but not defined

  -- Looks like a reference, but probably isn't: '1' on line 117


     Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Internet Engineering Task Force                       L. Velvindron, Ed.
3	Internet-Draft                                         Hackers Mauritius
4	Intended status: Standards Track                          March 10, 2017
5	Expires: September 11, 2017

7	         Increase minimum recommended modulus size to 2048 bits
8	                 draft-lvelvindron-dh-group-exchange-00

10	Abstract

12	   The Diffie-Hellman Group Exchange for the Secure Shell (SSH)
13	   Transport layer Protocol specifies that servers and clients should
14	   support groups with a modulus length of k bits, where the recommended
15	   minumum value is 1024 bits.  Recent security research has shown that
16	   a minimum value of 1024 bits is insufficient against state-sponsored
17	   actors.  As such, this document formally updates RFC 4419 [RFC4419]
18	   such that the minimum recommended value for k is 2048 bits and the
19	   group size is 2048 bits at minimum.

21	Status of This Memo

23	   This Internet-Draft is submitted in full conformance with the
24	   provisions of BCP 78 and BCP 79.

26	   Internet-Drafts are working documents of the Internet Engineering
27	   Task Force (IETF).  Note that other groups may also distribute
28	   working documents as Internet-Drafts.  The list of current Internet-
29	   Drafts is at http://datatracker.ietf.org/drafts/current/.

31	   Internet-Drafts are draft documents valid for a maximum of six months
32	   and may be updated, replaced, or obsoleted by other documents at any
33	   time.  It is inappropriate to use Internet-Drafts as reference
34	   material or to cite them other than as "work in progress."

36	   This Internet-Draft will expire on September 11, 2017.

38	Copyright Notice

40	   Copyright (c) 2017 IETF Trust and the persons identified as the
41	   document authors.  All rights reserved.

43	   This document is subject to BCP 78 and the IETF Trust's Legal
44	   Provisions Relating to IETF Documents
45	   (http://trustee.ietf.org/license-info) in effect on the date of
46	   publication of this document.  Please review these documents
47	   carefully, as they describe your rights and restrictions with respect
48	   to this document.  Code Components extracted from this document must
49	   include Simplified BSD License text as described in Section 4.e of
50	   the Trust Legal Provisions and are provided without warranty as
51	   described in the Simplified BSD License.

53	Table of Contents

55	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
56	     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   2
57	   2.  2048 bits Diffie-Hellman Group  . . . . . . . . . . . . . . .   2
58	   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
59	   4.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   3
60	     4.1.  Normative References  . . . . . . . . . . . . . . . . . .   3
61	     4.2.  Informative References  . . . . . . . . . . . . . . . . .   3
62	     4.3.  URIs  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
63	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   3

65	1.  Introduction

67	   RFC4419 [RFC4419] specifies a recommended minimum size of 1024 for k,
68	   which is the modulus length of the Diffie-Hellman Group.  It also
69	   suggests that in all cases, the size of the group needs be at least
70	   1024 bits.  This document updates RFC 4419 [RFC4419] so that the
71	   minimum recommended size be 2048 bits

73	1.1.  Requirements Language

75	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
76	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
77	   document are to be interpreted as described in RFC 2119 [RFC2119].

79	2.  2048 bits Diffie-Hellman Group

81	   Recent research [LOGJAM]  [1] strongly suggests that DH groups that
82	   are 1024 bits can be broken by state actors, and possibly an
83	   organization with enough computing resources.  The authors show how
84	   they are able to break 768 bits DH group and extrapolate the attack
85	   to 1024 bits DH groups.  In their analysis, they show that breaking
86	   1024 bits can be done with enough computing resources.  This document
87	   updates section 3 Paragraph 9 : Servers and clients SHOULD support
88	   groups with a modulus length of k bits where 2048 <= k <= 8192.  The
89	   recommended minimum values for min and max are 2048 and 8192,
90	   respectively.  This document also updates Section 3 Paragraph 11: In
91	   all cases, ths size of the group SHOULD be at least 2048 bits.

93	3.  Security Considerations

95	   This document discusses security issues of DH groups that are 1024
96	   bits in size, and formally updates the minimum size of DH groups to
97	   be 2048 bits.

99	4.  References

101	4.1.  Normative References

103	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
104	              Requirement Levels", BCP 14, RFC 2119,
105	              DOI 10.17487/RFC2119, March 1997,
106	              <http://www.rfc-editor.org/info/rfc2119>.

108	4.2.  Informative References

110	   [RFC4419]  Friedl, M., Provos, N., and W. Simpson, "Diffie-Hellman
111	              Group Exchange for the Secure Shell (SSH) Transport Layer
112	              Protocol", RFC 4419, DOI 10.17487/RFC4419, March 2006,
113	              <http://www.rfc-editor.org/info/rfc4419>.

115	4.3.  URIs

117	   [1] https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf

119	Author's Address

121	   Loganaden Velvindron (editor)
122	   Hackers Mauritius
123	   88, Avenue De Plevitz
124	   Roches Brunes
125	   MU

127	   Phone: +230 59762817
128	   Email: logan@hackers.mu