From pgut001@cs.auckland.ac.nz  Wed Dec 20 17:36:54 2023
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Dmitry Belyavsky <beldmit@gmail.com>, David Schinazi
 <dschinazi.ietf@gmail.com>
CC: saag <saag@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>
Date: Thu, 21 Dec 2023 01:36:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/K5hxQyTa_80su_A9CzHmAel_87U>
Subject: Re: [Curdle] [saag] Time for SSH3?

Dmitry Belyavsky <beldmit@gmail.com> writes:

>Well, TLS 1.3 had to be redesigned to mimic TLS 1.2 and got 50% sites
>supporting it only in November 2021 despite all the advantages.

That's *web* sites, not sites in general.  For non-web use, it's going to take
years, up to 1-2 decades, to switch fully to TLS 1.3.

With SSH it's even worse, it's pretty much the universal access mechanism for
anything and everything that needs CLI access, and those devices often run
until the hardware fails, with hardware that's designed not to fail much in
the first place.  I've still got bug-workarounds for 20-year-old SSH bugs in
my code because systems are still running that, the last thing you want to do
is throw a completely new incompatible protocol into that situation.

As I pointed out previously, a large majority of these devices are immune to
this attack because they never implemented the @openssh.com homebrew
mechanisms in the first place, so there isn't even anything to fix there.

Peter.

