Re: [Curdle] Comments on draft-ietf-curdle-ssh-ext-info
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 11 April 2017 00:11 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17CC4126D05 for <curdle@ietfa.amsl.com>; Mon, 10 Apr 2017 17:11:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MF6nns91rSs5 for <curdle@ietfa.amsl.com>; Mon, 10 Apr 2017 17:11:12 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1F0C124C27 for <curdle@ietf.org>; Mon, 10 Apr 2017 17:11:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1491869471; x=1523405471; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=SY9ouhn8GIsRJ8iMKUfLKX2ozzqfVisDr+IxGluPVWg=; b=hJ8qw0kVCDUXGqvUFGV+pZG41k3QAvCY8x+iMURjqwcG1+K2ESZeOWmn GvJCrIJ5oUA7dT+HDiyGzt2t67LLmA0KuvKdGbF9KP7Oy/B45ealG8N2/ ULJiIPMJwtmmd4BvwcuIXO6h5e4bNW2YdLUjmq1mEp/nVzqCc8sxc0c8a AMWgCPigIlvXtz5l91wzC0GbnaR8IwBEjzj6Oy6XRaK16hqvwKUZ7aMfE wxyV7IwhX5dk58gf3ZVzVdJ6r42qkmd4Iwb9u3Fkr25xNPRZf3wzMsEum Xsm5wyxK+n+OIO5hPieSWxXCOwznMKncW1uw4rSwKNWt8IaFFr3blMs6q A==;
X-IronPort-AV: E=Sophos;i="5.37,184,1488798000"; d="scan'208";a="149156528"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.2 - Outgoing - Outgoing
Received: from smtp.uoa.auckland.ac.nz (HELO uxcn13-tdc-a.UoA.auckland.ac.nz) ([10.6.3.2]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 11 Apr 2017 12:11:07 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-a.UoA.auckland.ac.nz (10.6.3.22) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 11 Apr 2017 12:11:06 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Tue, 11 Apr 2017 12:11:06 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: denis bider <denisbider.ietf@gmail.com>
CC: curdle <curdle@ietf.org>
Thread-Topic: [Curdle] Comments on draft-ietf-curdle-ssh-ext-info
Thread-Index: AQHSn+vj75AP59wDbUy5ryRiOFPQYKGb4DhQgAWgX4CAA91Jyf//yxWAgBMy0XmAAFvPgIACNyu///+1xACABMuyxg==
Date: Tue, 11 Apr 2017 00:11:06 +0000
Message-ID: <1491869463837.53839@cs.auckland.ac.nz>
References: <2DD56D786E600F45AC6BDE7DA4E8A8C118BA5A70@eusaamb107.ericsson.se> <1489827654266.43895@cs.auckland.ac.nz> <50977E6A3D174856B8DAF264C3CB81E8@Khan> <1489914378158.63423@cs.auckland.ac.nz> <74B4C5B2AFD644748A0E1B0957A22C96@Khan> <1490436136828.60577@cs.auckland.ac.nz> <76BA84F1D47F476A8DB5C8CC42AA1B57@Khan> <1491480250094.74577@cs.auckland.ac.nz> <CADPMZDDG1X4awEQiigM5rocLs3Qbvup-NyaaU7J+DcW+o60zPQ@mail.gmail.com> <1491621835513.71448@cs.auckland.ac.nz>, <CADPMZDCqK-bocB5qaz6Vqj7+NHfqgeL6qCzEXhm1nE5g_PTVCQ@mail.gmail.com>
In-Reply-To: <CADPMZDCqK-bocB5qaz6Vqj7+NHfqgeL6qCzEXhm1nE5g_PTVCQ@mail.gmail.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/BL6-6WYODf5viXV0EzRmIpa7AK0>
Subject: Re: [Curdle] Comments on draft-ietf-curdle-ssh-ext-info
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Apr 2017 00:11:14 -0000
denis bider <denisbider.ietf@gmail.com> writes: >According to the link provided by Eric, Zero-RTT in TLS is a concept that >does not even exist in SSH. Yeah, as I said, I was reasoning by analogy, that there were concerns in TLS about sending data before mutual confirmation of crypto parameters had taken place. Obviously SSH isn't TLS, but in this case it would also be sending data before the mutual conf. had occurred, i.e. before the other side's NEWKEYS had been received. >As-is, the "no-flow-control" extension already dictates there will be no more >than one concurrent channel. What do you have in mind beyond that? Hmm, but the text around it is a bit confusing, it says "MUST refuse" (= MUST NOT I assume?) but then immediately follows it with SHOULD allow it, so it doesn't really appear to say "only one channel". That text really is confusing since it contradicts itself across the two sentences. What about replacing it with: Implementations MUST NOT open more than one simultaneous channel when this extension is in effect. Peter.
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Eric Rescorla
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- [Curdle] Multiple WGLC Daniel Migault
- Re: [Curdle] Multiple WGLC Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Multiple WGLC Mark D. Baushke
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Benjamin Kaduk
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Eric Rescorla