IETF Logo Mail Archive

Re: [Curdle] Ben Campbell's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)

denis bider <denisbider.ietf@gmail.com> Thu, 14 September 2017 04:05 UTC

Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3B0713309A; Wed, 13 Sep 2017 21:05:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ayVhcKaGs-_J; Wed, 13 Sep 2017 21:05:07 -0700 (PDT)
Received: from mail-lf0-x236.google.com (mail-lf0-x236.google.com [IPv6:2a00:1450:4010:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97CC81330A3; Wed, 13 Sep 2017 21:05:06 -0700 (PDT)
Received: by mail-lf0-x236.google.com with SMTP id m199so5256371lfe.3; Wed, 13 Sep 2017 21:05:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WQutboaleQqkhP1iA651/DU1IC9VVZvC6qkvPVU1+UU=; b=iFHCtIxRye11GYNPpXjhEkhy6yLUIsfgue0qEX3KD9hVgPyG6bFArBsdlak0pIPhb4 mD0S4ZNR6RAAdilLP2LXC2gYbNEXgUfVytNaDFdbl+ssdYjH3sqjKpUoQcuaGmoZma8u eQ1pdtfp/shDY7o6FLj6lageQLLHB3OYXj3cmBbPD84zUa3dXQWM8NC8fr2vtAowK1jm //Cw93AgHdK4/HaewVfzHPibzcbHi8pw5S1Gk6BH9J7iE+sEfCiE81gvMbDjdaKqKDwS TkbWWBto921SNd++GbACVh1NuA8AQEuCV8K+Hhbn1F2M1GATxljJBukJsat/aSKB4Ndr kIZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WQutboaleQqkhP1iA651/DU1IC9VVZvC6qkvPVU1+UU=; b=M2m9pi0YXhVcqaLSwOPnP/BTmIa06DgUDAGHxSIIEGxxWjc1v4IJ9oA28NLCiPRpvI ctcs6jvhkLjgF4F0W/+Aox/IZMh7LlUDKdL9pEAj6J8DRFoZHdMceaciZL6R2v6vfikA gqZwLsq1usB4gOgZFCqLXy8KdTfSG8O1Ybhd2rp3ZJeFS9ARQtDVPmq7LKcKHeyDBu+0 J7Zv5EHH4YVGOTM9AcOuyK1S2aSFhWHtMWeuNG8uc7FGn3ZTeWi6F2UXENx624BI77XV YAXQAcjWy+EjpjbRytoXxss7SmeVTuKHhavUT8eMXJzSEj1QAmQtBFgvIbjHzya/dAfw xqbw==
X-Gm-Message-State: AHPjjUh9An87NzFQZvbQZUt9YJhn0KsT3nDpbyFS684mvqucO3/jQDQ0 KQ7Nh68UvHsMWiV+D8NBATnB0zZuy9WYzSVRloA=
X-Google-Smtp-Source: AOwi7QCAX1takvvTlxRi+Qjqe5c++t+IwixVg4LmGwAeZnMdFVwRh3RuAxOXsXY6Zi4UF6XhHFYNhNmL4WwG5iD/7FE=
X-Received: by 10.25.219.216 with SMTP id t85mr8130642lfi.88.1505361904670; Wed, 13 Sep 2017 21:05:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.179.27.209 with HTTP; Wed, 13 Sep 2017 21:05:03 -0700 (PDT)
In-Reply-To: <150533102741.30467.13878869431655356929.idtracker@ietfa.amsl.com>
References: <150533102741.30467.13878869431655356929.idtracker@ietfa.amsl.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Wed, 13 Sep 2017 22:05:03 -0600
Message-ID: <CADPMZDD1ApUzELbNcG-WM3-EoSxGNppWP6mA6FoFr1Ga=a7x8A@mail.gmail.com>
To: Ben Campbell <ben@nostrum.com>
Cc: The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs <curdle-chairs@ietf.org>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-ext-info@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c184a32961ca605591e61f9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/IiY2bz0rtjVeDwGM40yEkn7YPvA>
Subject: Re: [Curdle] Ben Campbell's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2017 04:05:10 -0000

> I don't think allowing specific extensions
> to add ordering requirement works.

OK, fair point.

That makes two votes against this. There is currently no known extension
that needs this, and if one does arise, there exist other possible
approaches for what is required. I have removed.


> 2.3: "This message is sent immediately after SSH_MSG_NEWKEYS,
> without delay." That seems to be contradicted in section 2.4, which
> talks about two other potential times.

True. I have substantially rewritten sections 2.3. and 2.4. so as to not
conflict, and to make this clearer.


> 2.5, 2nd paragraph: "or it MAY be sufficient that only one party
> includes it" That seems like a statement of fact rather than a grant
> of permission. If so, the 2119 MAY is not appropriate.

True. Changed to lowercase "can".


> -2.1, first paragraph: "Applications implementing this mechanism
> MUST add to the field "kex_algorithms", in their KEXINIT packet
> sent for the first key exchange, one of the following indicator names:"
> That's hard to parse.

I'm guessing you're not a German speaker. :) The issue raised here seems to
be that one needs to read to the end of the sentence to fully understand
what is being added ("one of the following indicator names").

No problem, rearranged sentence.


> -2.5, 2nd to last paragraph: "... applications MUST tolerate
> any sequence of bytes; including null bytes at any position;
> in an unknown extension’s extension-value."
> Redundant to similar normative statement in 2.3.

Aye, this is redundant on purpose. If this is not followed, it is
devastating to compatibility. OpenSSH in particular has this issue in
currently released versions (including 7.5, the latest). They stated
they'll fix this for 7.6, but a workaround is required to NOT send
extension-values containing null bytes to OpenSSH servers.

The bug is not on purpose, it's because they have multiple functions to
decode an SSH string - some that allow for binary data, some that don't.
They accidentally used the one that doesn't allow binary data to decode
extension-values.

That's bad - and easy to proliferate as long as the most commonly used
extensions don't exercise binary data. Fortunately, OpenSSH doesn't hide
its version string, so the compatibility workaround is straightforward.
That's not the case for all implementations.

This is super important not to miss. The spec is somewhat big, and
implementers might read one part at one time, and another part at another.
I would prefer that this is not missed by anyone.

denis



On Wed, Sep 13, 2017 at 1:30 PM, Ben Campbell <ben@nostrum.com> wrote:

> Ben Campbell has entered the following ballot position for
> draft-ietf-curdle-ssh-ext-info-12: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ext-info/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> I plan to ballot "yes", but I want to discuss one point first. Alexey
> mentioned
> this in his comments, but I think it's discuss worthy. Hopefully it's an
> easy
> fix, and it may well be because I've missed something obvious. If people
> think
> it really, really needs to be this way, I will clear--but I want to
> discuss it
> first:
>
> - 2.5: The relative order in which extensions appear in an
>   EXT_INFO message MUST be ignored by default; but an extension MAY
>   specify that the order matters for that extension, in a specific way.
>
> I don't think allowing specific extensions to add ordering requirement
> works.
> It opens up the possibility of incompatible ordering requirements across
> extensions. As far as I can tell, the only control over this is the "IETF
> Consensus" requirement for adding new extensions. I'm open to arguments
> that
> this is good enough, but my knee-jerk response is that it puts an undue
> burden
> on the consensus process for little return.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Substantive:
>
> -2.3: "This message is sent immediately after SSH_MSG_NEWKEYS, without
> delay."
> That seems to be contradicted in section 2.4, which talks about two other
> potential times.
>
> -2.4, last paragraph (asterisk note): "The message MUST be sent at this
> point
> for the following reasons:" That's a confusing use of MUST. Do you mean
> that
> the message MUST NOT be sent unless the reasons are true? Or that if the
> reasons are true, the message MUST be sent? Or is this just a statement of
> fact, in which case the 2119 keyword is not appropriate?
>
> -2.5, 2nd paragraph: "or it MAY be sufficient that only one party includes
> it"
> That seems like a statement of fact rather than a grant of permission. If
> so,
> the 2119 MAY is not appropriate.
>
> Editorial:
>
> -2.1, first paragraph: "Applications implementing this mechanism MUST add
> to
> the field
>   "kex_algorithms", in their KEXINIT packet sent for the first key
>   exchange, one of the following indicator names:"
>
> That's hard to parse.  Suggestion:
> "Applications implementing this mechanism MUST add one of the
>  following indicator names to the "kex_algorithms" field for the first
>  key exchange:"
>
> -2.5, 2nd to last paragraph: "... applications MUST
>   tolerate any sequence of bytes; including null bytes at any position;
>   in an unknown extension’s extension-value."
>
> Redundant to similar normative statement in 2.3.
>
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>

v2.23.0 | Report a Bug | By Email