IETF Logo Mail Archive

Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 15 September 2017 18:59 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC80D1326FE; Fri, 15 Sep 2017 11:59:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yeA1385FSwd8; Fri, 15 Sep 2017 11:59:00 -0700 (PDT)
Received: from mail-pg0-x22c.google.com (mail-pg0-x22c.google.com [IPv6:2607:f8b0:400e:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CF8C132D7B; Fri, 15 Sep 2017 11:59:00 -0700 (PDT)
Received: by mail-pg0-x22c.google.com with SMTP id v66so2010697pgb.5; Fri, 15 Sep 2017 11:59:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=jb0s/S561WSRETL74ZI/WIszP7Zdg0as+DO4tU0/JuE=; b=ckS4jPg+ei8sTidyFcfX9ObiSS+hFSakFdq9pCGTvNRkPsd+RSCkBDOV7lZ4wwTkDy 2xZj6RgYVxF0rgSSpklwLEXw1mP8M+SICEYijSR3cUTSZLJKgdOXqS59RGrzkWQd+tpn SYJY3eOd/g+/UmqM8O8dJUV27p4jcKCAvBt8VJB4uMSlfV+vE4WuzgUdMcQU75GNtkpZ qvBFvsK1cn0aQAiaC4nAVcspSkDiJ9xzE1kJSVyY0r+bwzQ7LVTxVvSEZHdkL0cW6PNc 2P4hR2KYspRx/TcTz81v+GdQqp6+Ane4etp8/AwDecz/mPJsgAxtp+QPlSBDinf+O+Vd IwOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=jb0s/S561WSRETL74ZI/WIszP7Zdg0as+DO4tU0/JuE=; b=Bas4NBx7vhgQBOus3X2cz3QvTfqP0byjxhfraLOBmduYPyk35jKVwUtACFT2EnOljD kldCriUY2jU0JW1+9qf5RwWdiBqJZNAPzj0cQn7zzdtK6V1UNv+Xd3iK9bWAdMqsRTlH f+O7IbpIw/VRWX+B35QUUaeecD2ypxdAMcU+WaXnd1O4FtoIl/Ughl51Oz/mhgUNlaC3 eC2Fd9N77juvTIGWMmoXFXsJuJCh1CQQ6I1KhB588C0wKtP2t2tSBc3ZDm/1AIsAafEi qP+BuKIxhBsdKyzqEuIGtSr7oWiY/qnVJpcz39KgmCL0kMkSCISgY7tb31yiDQspmlfA /Wcw==
X-Gm-Message-State: AHPjjUiTP9+avThlL8RCGAp4zgjGTdlgMQADZ4wemCumTwntOMtXDszV 3b1C9G3lWFDDY/eGl0/jju+cMPtqMvy4Ulpc6Lk=
X-Google-Smtp-Source: ADKCNb4zyOvpmcOxjnXd1+3UM8w491sapo08nDbEghqdLggSr4TcOZhWW5LLFV44kTJPPFzYyqevQfJD1635egd/ZIc=
X-Received: by 10.98.68.206 with SMTP id m75mr25964964pfi.163.1505501939660; Fri, 15 Sep 2017 11:58:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.144.1 with HTTP; Fri, 15 Sep 2017 11:58:19 -0700 (PDT)
In-Reply-To: <73822.1505499925@eng-mail01.juniper.net>
References: <150532612778.30489.12003202456500621755.idtracker@ietfa.amsl.com> <CAFDEUTdXRo4MG2=RR+gB0yYpnr1o229qpp+aOaMaDPc6qmnogg@mail.gmail.com> <CAKKJt-etZb1nnXuhxsDZVu2oRUaqUxyD3-xG_0gVVOaQZdZqbQ@mail.gmail.com> <7EAB674F-C7F9-41B1-B362-721F47B86914@gmail.com> <E44A4C52-F926-47FB-B6EA-788F0441A1B7@akamai.com> <B0BF79C2-D43D-429A-9089-0DD46CF74FBF@gmail.com> <8D12EBA0-06FE-499E-BD29-ED83D30FA02B@akamai.com> <73822.1505499925@eng-mail01.juniper.net>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Fri, 15 Sep 2017 14:58:19 -0400
Message-ID: <CAHbuEH7PLRbWyTcuvk=i9kfcoPiFjzqRmCQoJJztkTfBhwP-kA@mail.gmail.com>
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: "Salz, Rich" <rsalz@akamai.com>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Loganaden Velvindron <logan@hackers.mu>, draft-ietf-curdle-ssh-dh-group-exchange <draft-ietf-curdle-ssh-dh-group-exchange@ietf.org>, curdle <curdle@ietf.org>, curdle <curdle-chairs@ietf.org>, The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/Dj2UjIMt7if8Q-vokFigW48BSpQ>
Subject: Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Sep 2017 18:59:02 -0000

Mark,

Thanks for your detailed response, I appreciate it.  Inline.

On Fri, Sep 15, 2017 at 2:25 PM, Mark D. Baushke <mdb@juniper.net> wrote:
> Salz, Rich <rsalz@akamai.com> writes:
>
>> ➢ Ok, so why can't that just be done the next time the deployed base
>> > is ready? Is there a reason why the deployed base needs to be
>> > compliant with this RFC? Or will making 2048 a MUST help to drive the
>> > change?
>>
>> That’s an excellent question; I think Dennis and other authors should
>> reply ☺
>
> My biggest change for the core SSH protocol is that governmental
> agencies are mandating compliance to the standards if SSH is to be used
> in a product. By updating the standards from a SHOULD to a MUST without
> consideration for a large installed base of embedded equipment, we may
> find that many products are being excluded from being used when the
> 'standard' they define is bumped.

Embedded equipment is a tough problem.  So for this, your worried
about new purchases.  Sales should go way down with the SHOULD at this
point and I wouldn't let an organization I managed chose a product
that didn't support the minimum recommendation at this point, so it is
really an issue if there is no competitor and the only choice doesn't
meet the minimum SHOULD.  If it's already purchased, then we are
talking an audit issue and possibly not having funds to buy  some
million dollar piece of equipment that happens to support less than
2048.  Hmm, in the past, I've done thing to mitigate threats like
isolating such hosts when the threat warranted measures.  I see your
point, I'm just trying to walk through real instances of issues to
make sure we are considering options well.

>
> For draft-ietf-curdle-ssh-dh-group-exchange, RFC4419 does not use the
> word "MUST" for the current 1024 bit value. So, in this case, just
> updating a SHOULD from a SHOULD seems reasonable to me. If it were a
> MUST, then I would probably advocate for SHOULD NOT as the step down.
>
> For example, I would have no objection to adding text which says that
> the min value in the SSH_MSG_KEY_DH_GEX_REQUEST SHOULD NOT be less than
> 2048.
>
> fwiw: I also suspect that 2048 will not survive more than another couple
> of years and would not mind saying that "n SHOULD be 3072 or greater". I
> do not believe that view is accepted by everyone, so 2048 bits is what
> is in place for now.

Hmm, than it would be good to make a note of this so those who are
replacing embedded equipment make the leap to a higher value than
2048.  This can be in the non normative text.

>
> I worry more about more of core SSH compliance changes.
>
> For example, diffie-hellman-group1-sha1 which is in the original SSH
> RFCs as a MUST implement is too weak. My draft moves it from a MUST
> implement from the SSH core standards to a SHOULD NOT. I stopped short
> of going to a MUST NOT as I believe there needs to be a transition
> period for the implementations out there to become compliant. I say this
> because I have observed some standards (NIAP an Common Criteria)
> currently want exact complaince to the standand RFCs they list. For a
> large embedded installed base, it will likely take a long time for those
> boxes to be updated (if they even can be updated in all cases).
>
> Is SHOULD NOT stronger than SHOULD? It may not be, but somehow it feels
> stronger...

It's technically not, but I see what you are saying.

There are a few published RFCs (I think some CMS RFCs) that took on a
notion of SHOULD - and SHOULD + as well as MUST + MUST -.  I see the
JOSE algorithms RFC also uses recommended + and recommended -.  The
minus shows that although this is kinda okay now, it really isn't
recommended and shouldn't be in new products.

Do you think that approach could help to allow some flexibility, but
also show 1024 is on it's way out the door and 2048 will follow soon?

Thanks,
Kathleen
>
> The above is my personal opinion and may not represent that of the
> company with which I am affiliated.
>
>         -- Mark



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email