Re: [Curdle] Looking for comments on draft-ietf-curdle-ssh-kex-sha2
Simo Sorce <simo@redhat.com> Tue, 01 December 2020 15:36 UTC
Return-Path: <simo@redhat.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EAF53A13B2 for <curdle@ietfa.amsl.com>; Tue, 1 Dec 2020 07:36:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HHSkQdL_fTUs for <curdle@ietfa.amsl.com>; Tue, 1 Dec 2020 07:36:51 -0800 (PST)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EA353A14E8 for <curdle@ietf.org>; Tue, 1 Dec 2020 07:36:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1606836978; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CbQtsMQZ+Aq3jMlru49YCqNcGi03pBCYg3hquudul+w=; b=fDlTb2hgQCM08zr5SGKW4wyeUCaApXmV1wJsu/YM9OZO5f9AFVi9vvL4yR0Gmf7LlJs728 mJzuwlcWF7TpACOWNju5yTefKAXYi1Ant3Qtju2LvaXGmGOK0S2buzURbtEaY0CIsz4lA8 2aXOgBtmKtMvzlFkBOiNdg+NF/U5vsg=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-109-pTr7FdWRMgK-_4bH4jBCWA-1; Tue, 01 Dec 2020 10:36:08 -0500
X-MC-Unique: pTr7FdWRMgK-_4bH4jBCWA-1
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D71EC1966323; Tue, 1 Dec 2020 15:36:06 +0000 (UTC)
Received: from ovpn-115-14.phx2.redhat.com (ovpn-115-14.phx2.redhat.com [10.3.115.14]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 58A5119C48; Tue, 1 Dec 2020 15:36:06 +0000 (UTC)
Message-ID: <2f6c95ef41c29eaf1e505aa65dab0a21ecb80c27.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Tero Kivinen <kivinen@iki.fi>, "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org>
Cc: curdle@ietf.org, Hubert Kario <hkario@redhat.com>
Date: Tue, 01 Dec 2020 10:36:05 -0500
In-Reply-To: <24512.5140.838958.415785@fireball.acr.fi>
References: <25423.1596646626@eng-mail01.juniper.net> <SA0PR15MB37917F0E55D801609AF23EB0E34B0@SA0PR15MB3791.namprd15.prod.outlook.com> <20200807052623.GM92412@kduck.mit.edu> <71619.1606168457@eng-mail01.juniper.net> <7107b6ac-0e6c-419d-96ac-d0a53b65ee5b@redhat.com> <24511.57685.169815.673441@fireball.acr.fi> <afea8fb0-82e2-46e9-b2cc-4dca4038b630@redhat.com> <6050.1606417649@eng-mail01.juniper.net> <24512.5140.838958.415785@fireball.acr.fi>
Organization: Red Hat, Inc.
Mime-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=simo@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/JdBFIbm_I7dOkUEKgoj_kR1uqJs>
Subject: Re: [Curdle] Looking for comments on draft-ietf-curdle-ssh-kex-sha2
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 15:36:53 -0000
On Thu, 2020-11-26 at 22:46 +0200, Tero Kivinen wrote: > Mark D. Baushke writes: > > I could add this informative reference: > > > > Karthikeyan Bhargavan, Gaeutan Leurent. Transcript Collision Attacks: > > Breaking Authentication in TLS, IKE, and SSH. Network and Distributed > > System Security Symposium -- NDSS 2016, Feb 2016, San Diego, United > > States. 10.14722/ndss.2016.23418 . hal-01244855 > > URL: https://hal.inria.fr/hal-01244855/document > > > > to the informative section of the RFC and try to add additional > > theoretical justification against SHA-1, is this really necessary? > > I think it would be good idea to add that reference, even when it do > consider that attack against ssh impractical with 2^77 work, but it do > warn about not including weak ciphers in the list, and warn about the > group exchange. > > > The paper does show that the group exchange (RFC4419) use of *-sha1 may > > be somewhat easier to attack than the fixed group, but I have already > > listed that as 'SHOULD NOT' in my -12 draft. > > This could refer to this same paper. > > > The real question here is if "SHOULD NOT" is the correct implementation > > guidance for all use of diffie-hellman-group14-sha1 in key exchanges > > which is a big jump from "MUST" right now. All of the other *-sha1 > > exchanges in the draft are listed as "SHOULD NOT" already. > > I think it can still be SHOULD, just to keep backward compatibility > with old devices. It does not need to be enabled by policy in default > configuration, but sometimes you need to connect those devices, and it > is painful if you need to find old version of some ssh client just to > be able to connect to them. A MAY is probably more adequate in this case. It means you can provide it, but you are not out of spec if you decide not to implement it, and not implementing it should be a valid choice. Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc
- Re: [Curdle] Looking for comments on draft-ietf-c… Hubert Kario
- [Curdle] Looking for comments on draft-ietf-curdl… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Ron Frederick
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Ron Frederick
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… denis bider
- Re: [Curdle] Looking for comments on draft-ietf-c… denis bider
- Re: [Curdle] Looking for comments on draft-ietf-c… Ron Frederick
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Hubert Kario
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Tero Kivinen
- Re: [Curdle] Looking for comments on draft-ietf-c… Hubert Kario
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke
- Re: [Curdle] Looking for comments on draft-ietf-c… Tero Kivinen
- Re: [Curdle] Looking for comments on draft-ietf-c… Tero Kivinen
- Re: [Curdle] Looking for comments on draft-ietf-c… Hubert Kario
- Re: [Curdle] Looking for comments on draft-ietf-c… Simo Sorce
- Re: [Curdle] Looking for comments on draft-ietf-c… Mark D. Baushke