IETF Logo Mail Archive

Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?

"Salz, Rich" <rsalz@akamai.com> Sat, 11 July 2020 18:40 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFC133A1158; Sat, 11 Jul 2020 11:40:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Puuxd9i2FIC0; Sat, 11 Jul 2020 11:40:56 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5316F3A1156; Sat, 11 Jul 2020 11:40:56 -0700 (PDT)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.0.42/8.16.0.42) with SMTP id 06BIetH6022361; Sat, 11 Jul 2020 19:40:55 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=eRxEXME9IWmwbFpmNzfUDAy5MM6f6tIP0+w1XaMX+dw=; b=F6vtgz2nvNxfa2AsmUuucoLIAha2Dp0ZrTRWFskYkNDYWLDmtZrvu4DzdzBI8BgTuVFh 2VrzSZDv3kbJntauOJ3bqcM9H1aXYD6dbZiwtlWDFgTXOOzbbJl/Eb0wu9TRrzoJ4YHL gP+JSgGMuN/CBIqMy7eOW9AkrW7pUDIRyZ4GNp9pOIqKGYLK2o2paFrTWvjA+aXgu5lZ TKjMJyUxemZQGgpgoQSDqEKX2Ir4tbUsUZJGpjvLTOhYDx/hqu5AIi95asJJQ/ci9V2y V8WYX9TQVbBDgHX1gDfcsnYzJN1JeDV0d4hTPealWT2KnPk6t7dqaeRv39SP/znBvOVt Tw==
Received: from prod-mail-ppoint4 (a72-247-45-32.deploy.static.akamaitechnologies.com [72.247.45.32] (may be forged)) by m0050102.ppops.net-00190b01. with ESMTP id 327aayxvu9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 11 Jul 2020 19:40:55 +0100
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.42/8.16.0.42) with SMTP id 06BIafib004807; Sat, 11 Jul 2020 14:40:54 -0400
Received: from email.msg.corp.akamai.com ([172.27.165.116]) by prod-mail-ppoint4.akamai.com with ESMTP id 3278rxb5m8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 11 Jul 2020 14:40:54 -0400
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com (172.27.165.121) by ustx2ex-dag1mb1.msg.corp.akamai.com (172.27.165.119) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 11 Jul 2020 13:40:53 -0500
Received: from USTX2EX-DAG1MB3.msg.corp.akamai.com ([172.27.165.121]) by ustx2ex-dag1mb3.msg.corp.akamai.com ([172.27.165.121]) with mapi id 15.00.1497.006; Sat, 11 Jul 2020 13:40:53 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: denis bider <denisbider.ietf@gmail.com>, curdle <curdle@ietf.org>, curdle-chairs <curdle-chairs@ietf.org>
Thread-Topic: State of draft-ietf-curdle-ssh-kex-sha2?
Thread-Index: AQHWV6bgpwQBtcqBFky+EC4tQ/Oyp6kCxtAAgAAAQQA=
Date: Sat, 11 Jul 2020 18:40:51 +0000
Message-ID: <92C754DA-8E91-4F30-ACCA-65462AEA91C2@akamai.com>
References: <CADPMZDB8oXAg0g0oJvZmkK1XPhb28SQPnxwRmL9umzFXkH0ogQ@mail.gmail.com> <A7586F04-1469-4376-80A4-FD4860A52E3E@akamai.com>
In-Reply-To: <A7586F04-1469-4376-80A4-FD4860A52E3E@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.38.20061401
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.46.184]
Content-Type: multipart/alternative; boundary="_000_92C754DA8E914F30ACCA65462AEA91C2akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-11_13:2020-07-10, 2020-07-11 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 mlxscore=0 malwarescore=0 adultscore=0 mlxlogscore=951 spamscore=0 bulkscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2007110145
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-11_13:2020-07-10, 2020-07-11 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 adultscore=0 mlxlogscore=893 malwarescore=0 spamscore=0 impostorscore=0 clxscore=1015 bulkscore=0 mlxscore=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2007110146
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/IQovRpdQHYPmEcA8_J39lDNP0QA>
Subject: Re: [Curdle] State of draft-ietf-curdle-ssh-kex-sha2?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jul 2020 18:40:58 -0000

See also https://mailarchive.ietf.org/arch/msg/curdle/Bmt_100BMUuVyUhNyNzVPVyGvlY/


From: Rich Salz <rsalz@akamai.com>
Date: Saturday, July 11, 2020 at 2:40 PM



  *   https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-kex-sha2/<https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dcurdle-2Dssh-2Dkex-2Dsha2_&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kjk-1wS-Ba-rq_gcvu8q7wovDKLrzWDAVRonYiTwXlE&s=jf8FE6xiVFlcTnjy75cR7kGwVzruFFQrlh3g3LWJo7Q&e=>


  *   This seems to be an important draft which would standardize the current use of key exchange algorithms in SSH. However, it looks like no changes have been made in 2.5 years?

Looks like there was some AD feedback that was never addressed; see https://mailarchive.ietf.org/arch/msg/curdle/kf-iCb-o3yyxKLvH_pnGsxq7FVo/<https://urldefense.proofpoint.com/v2/url?u=https-3A__mailarchive.ietf.org_arch_msg_curdle_kf-2DiCb-2Do3yyxKLvH-5FpnGsxq7FVo_&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kjk-1wS-Ba-rq_gcvu8q7wovDKLrzWDAVRonYiTwXlE&s=fM_bC5zY2gVxjSNwflusaIOqfzgI6yUlPiGeN3R_e0w&e=>
(roughly a year ago).  I guess the chairs (myself included) let this fall through the cracks.

v2.23.0 | Report a Bug | By Email