Re: [Curdle] RSA key transport for SSH (RFC 4432) and forward secrecy

"Mark D. Baushke" <mdb@juniper.net> Thu, 11 February 2021 06:12 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8500C3A12B9 for <curdle@ietfa.amsl.com>; Wed, 10 Feb 2021 22:12:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.359
X-Spam-Level:
X-Spam-Status: No, score=-3.359 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=FzkDE5md; dkim=pass (1024-bit key) header.d=juniper.net header.b=H0mdxV+z
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aIqB4mOZ1-8p for <curdle@ietfa.amsl.com>; Wed, 10 Feb 2021 22:12:32 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 377DE3A12B8 for <curdle@ietf.org>; Wed, 10 Feb 2021 22:12:32 -0800 (PST)
Received: from pps.filterd (m0108163.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 11B6992k003776; Wed, 10 Feb 2021 22:12:25 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : date : message-id; s=PPS1017; bh=VqD67CPmmhehdr0teYl/OiZ7A6jQ8/V3wxeea+t19tU=; b=FzkDE5mdMLU8ufIDQb7YwpIApCJEjL7WR1Cx5G04Onk/vpK2JMT4wnfjaNING8zm3VJN SQQPcLBNO3UlzybQLHByF/s/YNypSO1zE0vgFT/29KwsbPVpat/ktNfLx4CxzC4S16f3 JpL8z75Ph+HK/bJDNLujWnODVFHwPf1D0hre7tP6hQ9K9qBS976Bn05N/fQY7Fr8kbKS QtnOQq/ZA05P7FAzGRbjtnfCAO823Ngg3c1eeY1GCcmr7QqRXZLuAiwSMRu6Jaw21w2o /bJMfBWfjHVXnLBEvSq06Gfk4iSJZj+fz78hjhUQ2VYW8vGYKCzp/ZEGOAfAnxapyh52 sA==
Received: from nam04-mw2-obe.outbound.protection.outlook.com (mail-mw2nam08lp2176.outbound.protection.outlook.com [104.47.73.176]) by mx0b-00273201.pphosted.com with ESMTP id 36m5qh2fsm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 10 Feb 2021 22:12:25 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WBxOxzaTaJXYPYNbSCeVh2cuQ/yQXgi0qOFdEqZqBbc6nCreV5F0yqf2lKSm3tGBHPgBK3a13tN2OWC4+h3oA6F4GAWPBjmkquyiwTV8IXCG0jtGJnUYHp+OxSU3Nq8w4g0rRyhPnsKS+faosvuev3vcqwzCgqNTuVgBj6XzzPN1ZtjugPuspm3feUSo6r+Sl6X+zO4iFkFAWLqwy7tmlRDboNKs+qcvX/ZNdYnlC4lSLaOiWg9V3PqpMzoLBvdhZz9rSaH48ooBoQHWH0K7Pt2HvtM0gP9x5SjAG9K6BX2SxkHWJn9Gg9uAY8h2U9I+jmdx8e6MLoIiYvt3Nc9XAg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VqD67CPmmhehdr0teYl/OiZ7A6jQ8/V3wxeea+t19tU=; b=ZWniHPv3NoeBroj50EvFmlU23Mh9EVmgrXD50jiuKnjbZY76zloBOrCK8/S8hR8fZ1OYWG8md3/ZM6M7yiw9kjWFHTDQnC5JUrnyYWm5bEGAMGdjl+iU6LrgGTqqli5ttB1BC+Oxtdr415iRbf1AtE3QtpGt5TGT0VwtO7Wed5t839xLAbnC5mn7i+KNbKbbbtBw46rliqnBq5KdhWqH76UFrKT0Vtl77x57uqm7/hBgmvljKPGz6liPCqu0JTkKmhKohhXq3hj5r9WVTzJV95dT9wpiXIkJ3uV6w+WAD/uHX+PHqCaTezyMnVLQ+550bcw5eZ0k55i4ZHicCu5fiw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.13) smtp.rcpttodomain=mit.edu smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VqD67CPmmhehdr0teYl/OiZ7A6jQ8/V3wxeea+t19tU=; b=H0mdxV+zlX6BJnMmvh8h+q7V+XWtk2Pz5kIPIV8RoCWoMz+NIYq13ltum3uhU01BNi9bb9M5qoqjJX1r2UdNXlA3KvUXq2OR2GfDA+N9cbv+cJ/fLw2XXhC7kNK3gMK5Ltdzk9VjSw2kK3f7b8isN74vOD1WK6UZLIxLXESKhVU=
Received: from BN0PR02CA0011.namprd02.prod.outlook.com (2603:10b6:408:e4::16) by DM6PR05MB3994.namprd05.prod.outlook.com (2603:10b6:5:8c::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.18; Thu, 11 Feb 2021 06:12:22 +0000
Received: from BN8NAM12FT028.eop-nam12.prod.protection.outlook.com (2603:10b6:408:e4:cafe::df) by BN0PR02CA0011.outlook.office365.com (2603:10b6:408:e4::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.27 via Frontend Transport; Thu, 11 Feb 2021 06:12:22 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 66.129.239.13) smtp.mailfrom=juniper.net; mit.edu; dkim=none (message not signed) header.d=none;mit.edu; dmarc=fail action=oreject header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.13 as permitted sender)
Received: from P-EXFEND-EQX-02.jnpr.net (66.129.239.13) by BN8NAM12FT028.mail.protection.outlook.com (10.13.183.63) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3846.25 via Frontend Transport; Thu, 11 Feb 2021 06:12:22 +0000
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 10 Feb 2021 22:12:21 -0800
Received: from P-EXBEND-EQX-02.jnpr.net (10.104.8.53) by P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 10 Feb 2021 22:12:16 -0800
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-02.jnpr.net (10.104.8.53) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 10 Feb 2021 22:12:16 -0800
Received: from svl-bsdx-06.juniper.net (svl-bsdx-06.juniper.net [10.160.3.21]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 11B6CEn8013504; Wed, 10 Feb 2021 22:12:15 -0800 (envelope-from mdb@juniper.net)
To: Simon Tatham <anakin@pobox.com>, Ron Frederick <ronf@timeheart.net>, Alexandre Becoulet <alexandre.becoulet@free.fr>
CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Benjamin Kaduk <kaduk@mit.edu>, "curdle@ietf.org" <curdle@ietf.org>
In-Reply-To: <CAMzhQmPc4=3uQJ-dhN4pjQ1oit2Ad6Z1uck5PU3eNgOkH9u51w@mail.gmail.com>
References: <20210211042551.GV21@kduck.mit.edu> <1613018828089.63687@cs.auckland.ac.nz> <94759.1613022658@svl-bsdx-06.juniper.net> <CAMzhQmPc4=3uQJ-dhN4pjQ1oit2Ad6Z1uck5PU3eNgOkH9u51w@mail.gmail.com>
Comments: In-reply-to: Keith Winstein <keithw@mit.edu> message dated "Wed, 10 Feb 2021 22:01:36 -0800."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <94868.1613023934.1@svl-bsdx-06.juniper.net>
Date: Wed, 10 Feb 2021 22:12:14 -0800
Message-ID: <94872.1613023934@svl-bsdx-06.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 03020f25-934d-41c3-8d04-08d8ce53fe9e
X-MS-TrafficTypeDiagnostic: DM6PR05MB3994:
X-Microsoft-Antispam-PRVS: <DM6PR05MB3994132889E659B909ACBD54BF8C9@DM6PR05MB3994.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7691;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 9f5Dmv1rTygPYPYxrmgO4aU1P79NJr5XgfI5DkuyvtH8naaRM1d4UVn23wOsaZzBpLxoSFYDfXijiF+BKXSxheyQpCDPUfh+iW/KI0mSfW32aOnilVzc0YHN8bm9QmEMkXThBkwzo3gbD57rD+6FX8bG1eTPOAUHFvu89JsNHlaCiXAm7HqazBAbK9pHD+khHohb2sCB7GtBnWolG4OEJO6fjXrWNGOoNoozByatRZUD1BqKP0aHHgM8RGnqR/YlKC2AoiDYXGeMumC+ax5b6sKeRoj4+LPfcDvmSXpLga44QfHGHV1msCGI1VZo8ya/BV4oSZVljF3QFHZGJC9zQFUCStHAOsykv6JPqKSll+NgdAAIpbPH2HUqL73w9raeCPmUPPOs2w/buftmdUPVYsvHtSbKwgIFzsZXrqLR0O+jExHEicV6zMQcfWpCuR0x8rhqO9ubMK3FeGeVZ+w6E/omDi8LIcTtvE1Qdh0rHrgVBBi4PZKLz2CUtv9LBaxFu1wQnaQkXb0B0/3s5XuPAocivKFdMEW/NWbTsnKy3a+ohpNBiSV7T3NzIfKmbIUdltQtxluMmIKXMjiaNFs0EmreL0qyORrOZaRHcgtbfeSpBwySEtuijc2v/VSw7U3uLI+/WwkBV2AG+kpe+nwIKyA3GzwASfI5VQ7kGTAPhMEorRfd+78shML0Ud3kH77F
X-Forefront-Antispam-Report: CIP:66.129.239.13; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:P-EXFEND-EQX-02.jnpr.net; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(4636009)(136003)(396003)(376002)(39860400002)(346002)(36840700001)(46966006)(81166007)(4326008)(47076005)(336012)(2906002)(426003)(26005)(186003)(7696005)(82740400003)(558084003)(8676002)(478600001)(356005)(8936002)(36860700001)(70206006)(54906003)(110136005)(82310400003)(316002)(86362001)(5660300002)(70586007)(36900700001); DIR:OUT; SFP:1102;
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Feb 2021 06:12:22.0807 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 03020f25-934d-41c3-8d04-08d8ce53fe9e
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.13]; Helo=[P-EXFEND-EQX-02.jnpr.net]
X-MS-Exchange-CrossTenant-AuthSource: BN8NAM12FT028.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB3994
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737 definitions=2021-02-11_05:2021-02-10, 2021-02-11 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 phishscore=0 spamscore=0 bulkscore=0 mlxscore=0 mlxlogscore=719 adultscore=0 suspectscore=0 malwarescore=0 lowpriorityscore=0 impostorscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102110053
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/A_o2Skay2LPwhyKhLv-tL4xhbjU>
Subject: Re: [Curdle] RSA key transport for SSH (RFC 4432) and forward secrecy
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2021 06:12:34 -0000

[moved to BCC: keithw@mit.edu, 
               Hari Balakrishnan <hari@mit.edu>du>, mosh-devel@mit.edu,]

Hi Keith,

It seems I had the wrong pointer for Mobile SSH. Thank you for the
correction.

	Be safe, stay healthy,
	-- Mark