IETF Logo Mail Archive

Re: [Curdle] Alexey Melnikov's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)

denis bider <denisbider.ietf@gmail.com> Wed, 13 September 2017 12:56 UTC

Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6140A1241F3; Wed, 13 Sep 2017 05:56:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bqnbEmin0yNp; Wed, 13 Sep 2017 05:56:24 -0700 (PDT)
Received: from mail-lf0-x22f.google.com (mail-lf0-x22f.google.com [IPv6:2a00:1450:4010:c07::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 264A4132A1A; Wed, 13 Sep 2017 05:56:24 -0700 (PDT)
Received: by mail-lf0-x22f.google.com with SMTP id 80so350425lfy.4; Wed, 13 Sep 2017 05:56:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xUNb2YMWk9Gh6GnFO764rkzM/Kt8X4Yz/RfmH+roUZc=; b=GDO/xFfbcFe6DJ9Zc8an78VzkFVSnH1BycQ46Ks8worI29y0G+leSIIzt2MJBhBxud mx6JXvK0SlXogeoLkt2eP9/wX23Cs4jwscnTPAv/JMn8YO9GS88ZaYsnDV10qsaHIP5H oowLNOgw6+9cHOesvTtZsJ0ItVxuoP4MsnptgPTQP0C3vpefFK6USdKXE+MqocnHvu8w 30SOGsNHQCl5Oj9+AYoUAVehL3ut/JU3x14OFK2A8Kqp3gMan6FBPvFveKk7/VVngqAN uEaA06cZHfgazhOw9qh8fCOAx8T+dcFMSLnqbHk9Nj3bHuPIp7ST41o1tyOyGgGc3/tY 0L6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xUNb2YMWk9Gh6GnFO764rkzM/Kt8X4Yz/RfmH+roUZc=; b=k5Ti/HrE50jOa7ydD3Iu/0jR090S/zaMbEx1tq+DuudTRRFhxdvllPXWFsm89/Q3yn ifly/Lz9LoqdDbuPyRasVRPZugkv3w56uuB3oVrDRs8fkumHOyG3gUvaxteOgzyMFmbs To0HB4bcBH56rJwzD4cIgTsOIbdEialTp+5floJSMgFSbbhpPRsFxQHy8xGKLgxHz70v ai91Pa1NBt4C24JWon4oCOwpXbmVuOOmUpwoHg9RQXYZzfBdMi/9cdyG8JZ0oPa+ls7A of2SPQFaCoQRYeZWzkoFfj5vx0ImrjGh/a2pB4B0RLxNJaJYsl5XW+adeDYf8Y7H6nmS 8PuQ==
X-Gm-Message-State: AHPjjUhfsN5YeNU8M8HrEVzJKRYPf/Zrf/rNdWWa+E9M+g5c1wPZxgco guWHkNbcXBwCeMd7P6DbFbrYT2ohpJ/8xDO/3Gc=
X-Google-Smtp-Source: ADKCNb7kWgOMJ+1lBTMc7q4ytkrxW7fikKTMC/KuCCMzryk+21PL7kHyxSR4lVpLMgO9V3wME4HtcantmtgOcfBZE4s=
X-Received: by 10.46.20.27 with SMTP id u27mr5239698ljd.39.1505307382392; Wed, 13 Sep 2017 05:56:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.179.27.209 with HTTP; Wed, 13 Sep 2017 05:56:21 -0700 (PDT)
In-Reply-To: <150530402783.30467.17664468923363358742.idtracker@ietfa.amsl.com>
References: <150530402783.30467.17664468923363358742.idtracker@ietfa.amsl.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Wed, 13 Sep 2017 06:56:21 -0600
Message-ID: <CADPMZDAENLRJEhbhYv86L=Q9v9nARtsrkicyPg86yGqrjUP0mg@mail.gmail.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs <curdle-chairs@ietf.org>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-ext-info@ietf.org
Content-Type: multipart/alternative; boundary="f403045fbb90ce2c0e055911af0f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/9uXUrBPf8ga8xrrrHLb3uxPcHMk>
Subject: Re: [Curdle] Alexey Melnikov's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Sep 2017 12:56:27 -0000

> It is not clear for me from the formatting whether the first
> name-list is sent by the client and the second by the server,
> or both lists are always included in the value. I suspect it
> is the former, but can you please clarify?

SSH negotiates compression, integrity, and encryption algorithms separately
for each direction. Both lists are sent by both parties. Not just here, but
also in KEXINIT.

This is used rarely in practice, but this draft keeps to the same practice,
so as not to bundle a reduction of functionality (i.e. requiring same
compression for both directions) in the same package as an extension (i.e.
providing a mechanism for delayed activation of compression).

The next draft will include an example of encoding, as suggested by Adam.
This should make things clearer, even for readers unfamiliar with SSH.


> 1) Sentences like:
> Use of  Receivers MUST tolerate any sequence of bytes; including
> null bytes at any position; in an unknown extension's extension-value.

Reads fine to me. Still, I changed these to use dashes.


> Can you provide an example of why depending on order
> would be useful? This potentially makes it harder to implement.

It is the nature of an extension mechanism that it intends to be open to
unforeseen circumstances. If we could come up with examples for all
possible future uses, extensions would not be required.

For this reason, I would prefer if you can demonstrate how allowing for
this possibility makes anything harder to implement. In my implementation
experience, it doesn't.


> In several places you use EXT_INFO instead of SSH_MSG_EXT_INFO.
> It would be less confusing if you used the latter consistently everywhere.

This doesn't just go for EXT_INFO, it also goes for KEXINIT, NEWKEYS,
NEWCOMPRESS, and USERAUTH_SUCCESS.

OK, I changed this to use the SSH_MSG_ prefix always.


>   This extension is sent by the server, and contains a list of public
>   key algorithms that the server is able to process as part of a
>   "publickey" authentication request. If a client sends this extension,
>   the server MAY ignore it, and MAY disconnect.
>
> Why would the client disconnect when seeing this extension? Does it mean
it is
> broken?
>
> Also, as the client can always disconnect at any point, why mentioning
this
> here?

I believe you have misread the text in this case. It should be clear from
the above quoted snippet.


> Can you elaborate on what do you mean by "authentication penalties"
> in this context?

SSH servers commonly implement some way of locking out or throttling IP
addresses that make frequent login attempts, so as to deter brute force
password guessing, username guessing, and similar undesired behaviors.

Some servers apply such penalties to clients that attempt to use an unknown
public key algorithm (e.g. "rsa-sha2-256"). This can result in the client's
IP address being locked out.

The "server-sig-algs" extension provides a way for the client to know that
the server supports e.g. "rsa-sha2-256" before it attempts to use it, to
avoid a potential IP lockout.



On Wed, Sep 13, 2017 at 6:00 AM, Alexey Melnikov <aamelnikov@fastmail.fm>
wrote:

> Alexey Melnikov has entered the following ballot position for
> draft-ietf-curdle-ssh-ext-info-12: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ext-info/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> This is generally a good and useful document. I have some minor comments I
> would like to discuss:
>
> 3.2.  "delay-compression"
>
>   This extension MAY be sent by both parties as follows:
>
>     string         "delay-compression"
>     string:
>       name-list    compression_algorithms_client_to_server
>       name-list    compression_algorithms_server_to_client
>
> It is not clear for me from the formatting whether the first name-list is
> sent
> by the client and the second by the server, or both lists are always
> included
> in the value. I suspect it is the former, but can you please clarify?
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> 1) Sentences like:
>   Use of  Receivers MUST tolerate any sequence of bytes; including null
> bytes
>   at any position; in an unknown extension's extension-value.
> or
>  In particular, applications MUST  tolerate any sequence of bytes;
> including
>  null bytes at any position;  in an unknown extension's extension-value.
>
> Use of punctuation is not my strongest point, but I am reasonably certain
> that
> use of ";" is not correct here. I think you should use (). Otherwise these
> sentences are reading as a list of 3 things, yet in both cases the 3rd is a
> continuation of the 1st.
>
> 2) In Section 2.5:
>
>  The relative order in which extensions appear in an
>   EXT_INFO message MUST be ignored by default; but an extension MAY
>   specify that the order matters for that extension, in a specific way.
>
> Can you provide an example of why depending on order would be useful? This
> potentially makes it harder to implement.
>
> In several places you use EXT_INFO instead of SSH_MSG_EXT_INFO. It would be
> less confusing if you used the latter consistently everywhere.
>
> 3) In 3.1:
>
>   This extension is sent by the server, and contains a list of public
>   key algorithms that the server is able to process as part of a
>   "publickey" authentication request. If a client sends this extension,
>   the server MAY ignore it, and MAY disconnect.
>
> Why would the client disconnect when seeing this extension? Does it mean
> it is
> broken?
>
> Also, as the client can always disconnect at any point, why mentioning this
> here?
>
>   If a server does not send this extension, a client MUST NOT make any
>   assumptions about the server's public key algorithm support, and MAY
>   proceed with authentication requests using trial and error. Note that
>   implementations are known to exist that apply authentication penalties
>   if the client attempts to use an unexpected public key algorithm.
>
> Can you elaborate on what do you mean by "authentication penalties" in this
> context?
>
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>

v2.23.0 | Report a Bug | By Email