Re: [Curdle] AD Review: draft-ietf-curdle-ssh-ext-info-00.txt

denis bider <denisbider.ietf@gmail.com> Mon, 19 June 2017 16:13 UTC


> Can you explain what "neutral" means?

Rephrased as:

"The indicator names inserted by the client and server are different to ensure
these names will not produce a match, and therefore not affect the
algorithm chosen in key exchange algorithm negotiation."


> Can a server send ext-info-s if it did not receive ext-info-c?

Certainly. RFC 4253 makes no suggestions that either client or server
should wait for the other with their KEXINIT packet. The server is free to
send KEXINIT before receiving anything from the client.

I have made this clearer by elaborating Section 2.2.


> You need a citation for "elevated."

I have added the following paragraph:

"The terms "elevation" and "elevated" refer to an operating system mechanism
where an administrator user's logon session is associated with two security
contexts: one limited, and one with administrative rights. To "elevate"
such a session is to activate the security context with full administrative
rights. For more information about this mechanism on Windows, see also
[WINADMIN] and [WINTOKEN]."

The informative references are:

WINADMIN:
https://blogs.msdn.microsoft.com/winsdk/2013/03/22/how-to-launch-a-process-as-a-full-administrator-when-uac-is-enabled/

WINTOKEN:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb530718.aspx


denis
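As an added illustration, not part of the draft or of this thread: the KEXINIT name-list handling behind the two answers above, in Python. Each side appends its own indicator without knowing the other's, negotiation proceeds as in RFC 4253 section 7.1, and, as a defensive check of my own, an indicator name can never be selected as the key exchange method even if a peer echoes the other side's name. The algorithm lists are constructed samples.

```python
import struct

# Indicator names from draft-ietf-curdle-ssh-ext-info (later RFC 8308).
EXT_INFO_C = "ext-info-c"  # client -> server: "I will accept SSH_MSG_EXT_INFO"
EXT_INFO_S = "ext-info-s"  # server -> client: same, in the other direction
INDICATORS = {EXT_INFO_C, EXT_INFO_S}

def encode_name_list(names):
    """RFC 4253 name-list: uint32 length, then comma-separated ASCII names."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def decode_name_list(buf, offset=0):
    """Parse one name-list at offset; return (names, offset past it)."""
    if len(buf) < offset + 4:
        raise ValueError("truncated name-list length")
    (length,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    if len(buf) < start + length:
        raise ValueError("truncated name-list body")
    body = buf[start:start + length].decode("ascii")
    return (body.split(",") if body else []), start + length

def negotiate_kex(client_algs, server_algs):
    """RFC 4253 7.1: first client method the server also lists. Indicators are
    never selectable, even if a buggy peer echoes the other side's name."""
    server_set = set(server_algs) - INDICATORS
    for alg in client_algs:
        if alg in server_set:  # indicators were removed from server_set above
            return alg
    return None

def peer_accepts_ext_info(peer_algs, we_are_server):
    """Did the peer's KEXINIT promise to accept SSH_MSG_EXT_INFO from us?
    A server looks for ext-info-c, a client for ext-info-s."""
    return (EXT_INFO_C if we_are_server else EXT_INFO_S) in peer_algs

def demo():
    # Constructed sample lists. Each side appends its own indicator without
    # knowing the other's; the server offers ext-info-s unconditionally.
    client = ["curve25519-sha256", "ecdh-sha2-nistp256", EXT_INFO_C]
    server = ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha256", EXT_INFO_S]
    c_algs, _ = decode_name_list(encode_name_list(client))
    s_algs, _ = decode_name_list(encode_name_list(server))
    chosen = negotiate_kex(c_algs, s_algs)
    # Same outcome with the indicators stripped: they are neutral to negotiation.
    plain = negotiate_kex([a for a in c_algs if a not in INDICATORS],
                          [a for a in s_algs if a not in INDICATORS])
    return chosen, plain, peer_accepts_ext_info(c_algs, True), peer_accepts_ext_info(s_algs, False)
```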



On Sat, Jun 17, 2017 at 1:37 PM, Eric Rescorla <ekr@rtfm.com> wrote:

>
> S 2.1.
>   The indicator names inserted by the client and server are different to
>   ensure that these names will not produce a match, and will be neutral
>   with respect to key exchange algorithm negotiation.
>
> Can you explain what "neutral" means?
>
>
> S 2.2.
> If a client or server offers "ext-info-c" or "ext-info-s"
>   respectively, it must be prepared to accept a SSH_MSG_EXT_INFO message
>   from the peer.
>
> Can a server send ext-info-s if it did not receive ext-info-c?
>
>
> S 3.4.
>   A client sends "y" to indicate its preference that the session should
>   be elevated; "n" to not be elevated; and "d" for the server to use its
>   default behavior. If a client does not send the "elevation" extension,
>   the server SHOULD act as if "d" was sent.
>
> You need a citation for "elevated."
>