[Curdle] Time for SSH3?

John Mattsson <john.mattsson@ericsson.com> Wed, 20 December 2023 10:36 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: saag <saag@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>
Date: Wed, 20 Dec 2023 10:36:26 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/DchJS_7DgvrXsuRzSItL7Rp85w8>
Subject: [Curdle] Time for SSH3?

Hi,

SSH was just hit by a major vulnerability. The reason is that SSH, just like SSL 2.0 – TLS 1.2, is built on very shaky ground. The TLS WG concluded that it was not enough to patch the old TLS and instead decided for the completely redesigned TLS 1.3 built on the theoretical foundation of the SIGMA-I protocol. I think everybody agrees this was the right decision.

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

I strongly think the right future for SSH is to not do more patching and instead move to SSH3 built on top of QUIC. One such proposal was recently published on arXiv.

https://arxiv.org/pdf/2312.08396.pdf

Cheers,
John Preuß Mattsson