IETF Logo Mail Archive

Re: [Curdle] new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08

Daniel Migault <daniel.migault@ericsson.com> Thu, 06 June 2019 14:56 UTC

Return-Path: <daniel.migault@ericsson.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 133C012012C; Thu, 6 Jun 2019 07:56:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Level:
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.415, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EG2PwHbmQRk0; Thu, 6 Jun 2019 07:56:50 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-eopbgr820078.outbound.protection.outlook.com [40.107.82.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 383071200F9; Thu, 6 Jun 2019 07:56:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=w7f6SJIgRt+z0VcdC9rg/ajh7D6ep+usjS0M2/DjdgQ=; b=NMsphKJSE6f3+P9w+jLH71aDDb45WpoSJD4r023k/WYDFgztXdAjPoD8nYh46mvC/6OUxEfLh80+2J+xoR3N2KTHsW1sd+x/NlNdplMM7UbSUi/OibTWWkLwCnsdeiIr0gbT/wkv9c++KrjFSIC/AFAcVqgWP6Vb5xWRPPMgljU=
Received: from DM6PR15MB3531.namprd15.prod.outlook.com (10.141.164.29) by DM6PR15MB2729.namprd15.prod.outlook.com (20.179.162.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1965.12; Thu, 6 Jun 2019 14:56:46 +0000
Received: from DM6PR15MB3531.namprd15.prod.outlook.com ([fe80::15f0:ad13:112d:529d]) by DM6PR15MB3531.namprd15.prod.outlook.com ([fe80::15f0:ad13:112d:529d%7]) with mapi id 15.20.1965.011; Thu, 6 Jun 2019 14:56:46 +0000
From: Daniel Migault <daniel.migault@ericsson.com>
To: Loganaden Velvindron <loganaden@gmail.com>
CC: Benjamin Kaduk <kaduk@mit.edu>, "draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org" <draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>
Thread-Topic: new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08
Thread-Index: AQHVGvyouXNq2Av80UGqN7hXUNGiHaaNFNsAgAEgvYCAAIACcA==
Date: Thu, 06 Jun 2019 14:56:46 +0000
Message-ID: <DM6PR15MB3531792B7CB48B7E08D67E2CE3170@DM6PR15MB3531.namprd15.prod.outlook.com>
References: <20190604174029.GC8678@prolepsis.kaduk.org> <DM6PR15MB3531AACEA6B575BBACAFD413E3160@DM6PR15MB3531.namprd15.prod.outlook.com> <CAOp4FwTKAW+vkEbsYTPUVUSB6ve2=uTGiTKwQUB0trZ981MTWw@mail.gmail.com>
In-Reply-To: <CAOp4FwTKAW+vkEbsYTPUVUSB6ve2=uTGiTKwQUB0trZ981MTWw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=daniel.migault@ericsson.com;
x-originating-ip: [192.75.88.130]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bc75e95e-d0b0-4653-621e-08d6ea8f328c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM6PR15MB2729;
x-ms-traffictypediagnostic: DM6PR15MB2729:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <DM6PR15MB2729685AF764ED51003430F6E3170@DM6PR15MB2729.namprd15.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 00603B7EEF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(39860400002)(366004)(346002)(376002)(136003)(199004)(189003)(53754006)(13464003)(44832011)(316002)(71200400001)(71190400001)(8936002)(2906002)(99286004)(53936002)(6116002)(790700001)(3846002)(6246003)(486006)(4326008)(66574012)(66476007)(73956011)(64756008)(606006)(14454004)(25786009)(66556008)(66446008)(478600001)(74316002)(66946007)(476003)(66066001)(5660300002)(7736002)(11346002)(54906003)(446003)(229853002)(966005)(81156014)(81166006)(76116006)(33656002)(68736007)(52536014)(14444005)(86362001)(7696005)(6916009)(256004)(9686003)(6306002)(186003)(54896002)(55016002)(26005)(53546011)(102836004)(236005)(6436002)(8676002)(76176011)(1411001)(6506007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR15MB2729; H:DM6PR15MB3531.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: HaCChUgjzrRMGTgUxmOwcZZfANGbKakz1kZ3lWcXteZwcGkVbkRoykvgdUjRT77G47fhryLwkvJiDsWYHQuy6g5NYXyQ0gE0sHMq3gu0c0rnLyG2UCa+0jJ56hTxdnrNkGZCGyY+v0boSLNdxVs2w89+speODYOUMC4irb+b2NUAivBMhpz93WitiyrFy1GG3aCank2ChMNPCkz2G7hTfPSKTVSLH9p1wJNCrvU5mQWSpayfRAUzzK6JyMBPfW8WzB8qxggZOVQOn3Y9dpxDaCB3hkUp/+3rN0zpnPFCYCQSAtotnR+s4j+0jdiWEJgZ4dShXfe8J9qnzzbhlkd7qHTY4GEBR3vXqv8EBTdFv4cg7nXhT/OH8IxKmJb8lEUPM2ulrMvbyJz/gHZ0NH18AKCJJ7XYA8+8s5Hdl2aIH2g=
Content-Type: multipart/alternative; boundary="_000_DM6PR15MB3531792B7CB48B7E08D67E2CE3170DM6PR15MB3531namp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bc75e95e-d0b0-4653-621e-08d6ea8f328c
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jun 2019 14:56:46.7748 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: daniel.migault@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR15MB2729
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/EWppNIv9IODZL3SqM6qvfBMS-24>
Subject: Re: [Curdle] new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jun 2019 14:56:54 -0000

This is correct, for some reasons I reviewed version 07. So version 08 is solving the opsdir issue. I will close the thread on the mailing list.

The SSHF Record includes the algorithm used for the public key, the type of the fingerprint. The current draft only adds a registry for the algorithm. I believe the confusion might be that the current text  seems to indicate some additional changes for example in the generation of the finger print.  Maybe the text below around the following lines clarifies the purpose of the changes.

If so, the only remaining point is the IPR declaration.

OLD:
The generation of SSHFP resource records for "ssh-ed25519" keys is
   described in [RFC7479].

   The generation of SSHFP resource records for "ssh-ed448" keys is
   described as follows.

   the SSHFP Resource Record for the Ed448 public key with SHA-256
   fingerprint would be example be:

   example.com.  IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
   34d90ed316d2b818ca9580ea384d924 01 )

   The 2 here indicates SHA-256 [RFC6594].

NEW:

The generation of SSHFP resource records for "ssh-ed25519" keys is
   described in [RFC7479].

The SSHFP resource records for "ssh-ed448" keys is generated similarly,
with the algorithm field indicating a Ed448 public key.

The SSHFP Resource Record for the Ed448 public key with SHA-256
fingerprint would be example be:

example.com.  IN SSHFP TBD 2 ( a87f1b687ac0e57d2a081a2f2826723
34d90ed316d2b818ca9580ea384d924 01 )

The 2 here indicates SHA-256 [RFC6594].

From: Loganaden Velvindron <loganaden@gmail.com>
Sent: Thursday, June 06, 2019 3:02 AM
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>; draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org; curdle@ietf.org
Subject: Re: new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08

I already published rev08 to address those issues:
https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-curdle-ssh-ed25519-ed448-08.txt

On Wed, Jun 5, 2019 at 5:52 PM Daniel Migault <daniel.migault@ericsson.com<mailto:daniel.migault@ericsson.com>> wrote:
Thanks Ben for the follow-up, please see my responses inline for (2) and (4). I believe a version 08 is needed to address (1) and (2).
Yours,
Daniel

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu<mailto:kaduk@mit.edu>>
Sent: Tuesday, June 04, 2019 1:41 PM
To: draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org<mailto:draft-ietf-curdle-ssh-ed25519-ed448.all@ietf.org>
Cc: curdle@ietf.org<mailto:curdle@ietf.org>
Subject: new AD review comments on draft-ietf-curdle-ssh-ed25519-ed448-08

Hi all,

I'm just about ready to send this to the IESG, but there seems to be a few things to fix, first:

(1) In Section 8 we say "The generation of SSHFP resource records for "ssh-ed448" keys is described as follows." but then give only an example and not a description of what to do.  We need to say more about this procedure

(2) I'm not sure if the chain on the opsdir review got fully resolved; see https://mailarchive.ietf.org/arch/msg/curdle/DZc2Sr19zJ71nnC3pSIF0uPhaCk
<mglt>
The current version has not accordingly been updated.
</mglt>

(3) The shepherd writeup says that Ben did not confirm IPR (non)disclosure per BCPs 78 and 79 -- Ben, can you please do so now?

(4) Daniel, can you please update the shepherd writeup to reflect the discussions with the directorate reviewers about document status?  I'm sure that some IESG members will ask "why not Informational?" if we don't forestall them.

<mglt>
I have update the shepherd as follows:

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

The requested status is Standard Track. This is necessary for
inter-operability  and as such the Standard Track seems the
most appropriated status.

The OPS Directorate wondered why version 07 was a Standard Track
document and not an informational document as no normative 2119 words.

The reason for being a standard track is that we expect the implementation
that implement SSH to follow these recommendations. The consensus was
to explicitly mention it in the document around the lines:

"Standard implementations of SSH SHOULD implement these signature algorithms."
</mglt>
Thanks,

Ben

v2.23.0 | Report a Bug | By Email