Re: [Curdle] [saag] Time for SSH3?

Dmitry Belyavsky <beldmit@gmail.com> Wed, 20 December 2023 20:42 UTC

From: Dmitry Belyavsky <beldmit@gmail.com>
Date: Wed, 20 Dec 2023 21:41:27 +0100
Message-ID: <CADqLbz+HnA4UPcDPSm_-v9ih8N-F8P+meSeppwkNKW6-24FvYQ@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: saag <saag@ietf.org>, curdle@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/9vYtm6HFrT02zMkFwHEy-Kv5cnA>
Subject: Re: [Curdle] [saag] Time for SSH3?

Well, TLS 1.3 had to be redesigned to mimic TLS 1.2 and got 50% of sites
supporting it only in November 2021, despite all the advantages.

On Wed, 20 Dec 2023, 21:37 David Schinazi, <dschinazi.ietf@gmail.com> wrote:

> I wouldn't compare SSH2 -> SSH3 to IPv4 -> IPv6. IPv6 has been taking
> forever because it requires changing every router on the path. A better
> comparison would be TLS 1.2 -> TLS 1.3, or HTTP/2 -> HTTP/3, as those only
> required modifying the endpoints (for a specific definition of
> endpoint...). And that transition happened quite quickly. I do think it
> makes sense to consider rearchitecting SSH like we did for TLS, but I agree
> with Stephen that we'll need the developers of popular SSH stacks to be
> enthusiastic about such an effort for it to have any chance of success.
>
> David
>
> On Wed, Dec 20, 2023 at 8:37 AM Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
>
>>
>>
>> On 20/12/2023 16:35, Theodore Ts'o wrote:
>> > Moreover, if IETF tries to standardize a completely incompatible
>> > protocol rewrite without close cooperation with development team(s) of
>> > the dominant implementation(s), the precedent of IPv6 of taking
>> > **decades** to be fully rolled out may be the more relevant
>> > comparison.
>>
>> +1 - if the main developers of SSH implementations were up
>> for starting work on an SSH3, then it'd be a good plan. If
>> they're not, it'd likely be a bad plan.
>>
>> Cheers,
>> S.
>> _______________________________________________
>> Curdle mailing list
>> Curdle@ietf.org
>> https://www.ietf.org/mailman/listinfo/curdle
>>