Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-ext-info-09.txt

denis bider <denisbider.ietf@gmail.com> Tue, 13 June 2017 04:38 UTC

From: denis bider <denisbider.ietf@gmail.com>
Date: Mon, 12 Jun 2017 22:38:03 -0600
Message-ID: <CADPMZDDiLejZAftDumbwfXp2sjMK3+fSOhPkSvdPXyDSZ1aP7A@mail.gmail.com>
To: curdle <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/06fbojIxhN5Ev1RUFZ13lTAPFm4>
Subject: Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-ext-info-09.txt

Hello everyone,

it has come to my attention that a widely used SSH implementation that
supports EXT_INFO contains an oversight (uses an incorrect string decoding
function) which imposes undesirable restrictions on the content of
"extension-value".

Regretfully, this oversight makes it so that the "delay-compression"
extension cannot be sent to current versions of this application. The
application does not understand the extension, but will choke on the null
bytes contained in the extension-value.

I trust that this was unintentional, and that the implementers will fix the
oversight.

This behavior was previously already against the spec, but the language
that dictated this was subtle and in a different section than the
definition of "extension-value". I have made the language much more overt
to help implementers avoid this problem in the future.

denis
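To make the oversight concrete: the "delay-compression" extension-value consists of two SSH name-lists, each a length-prefixed string, so its leading bytes are a big-endian uint32 that contains zero bytes. The following is an added illustration, not code from the draft or from the implementation mentioned in the mail; the "faulty" decoder is one plausible model of a decoder that treats extension-value as NUL-terminated text (an assumption about the bug, not a description of any specific product).

```python
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string' (RFC 4251): uint32 big-endian length + raw bytes."""
    return struct.pack(">I", len(data)) + data

def build_ext_info(extensions):
    """Build SSH_MSG_EXT_INFO (message number 7) from (name, value) pairs."""
    msg = bytes([7]) + struct.pack(">I", len(extensions))
    for name, value in extensions:
        msg += ssh_string(name) + ssh_string(value)
    return msg

def delay_compression_value(c2s, s2c):
    """extension-value for "delay-compression": two name-lists, each an SSH string.
    The length prefixes guarantee NUL bytes inside the value."""
    return ssh_string(b",".join(c2s)) + ssh_string(b",".join(s2c))

def read_string(buf, off):
    """Correct decoder: honour the length prefix; any byte value is allowed."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    n, = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def read_cstring_style(buf, off):
    """Assumed faulty decoder: reads the length, but then treats the body as
    NUL-terminated text, so the value is cut at the first zero byte."""
    n, = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n].split(b"\x00", 1)[0], off + n

def parse_ext_info(msg, read_string_fn):
    """Decode EXT_INFO into {extension-name: extension-value} with the given decoder."""
    if msg[0] != 7:
        raise ValueError("not SSH_MSG_EXT_INFO")
    count, = struct.unpack_from(">I", msg, 1)
    off, out = 5, {}
    for _ in range(count):
        name, off = read_string_fn(msg, off)
        value, off = read_string_fn(msg, off)
        out[name] = value
    return out
```

Parsing the same message with both decoders shows the correct one returning the full two-name-list value, while the NUL-terminating one returns an empty value because the first byte of the value is already 0x00.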



On Mon, Jun 12, 2017 at 10:25 PM, <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the CURves, Deprecating and a Little more
> Encryption of the IETF.
>
>         Title           : Extension Negotiation in Secure Shell (SSH)
>         Author          : Denis Bider
>         Filename        : draft-ietf-curdle-ssh-ext-info-09.txt
>         Pages           : 11
>         Date            : 2017-06-12
>
> Abstract:
>   This memo updates RFC 4252, RFC 4253, and RFC 4254 to define a
>   mechanism for SSH clients and servers to exchange information about
>   supported protocol extensions confidentially after SSH key exchange.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ext-info/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-curdle-ssh-ext-info-09
> https://datatracker.ietf.org/doc/html/draft-ietf-curdle-ssh-ext-info-09
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-curdle-ssh-ext-info-09
>
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>