Re: [Curdle] RFC 8308 on Extension Negotiation in the Secure Shell (SSH) Protocol
denis bider <denisbider.ietf@gmail.com> Thu, 22 March 2018 11:58 UTC
Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5236512D80E for <curdle@ietfa.amsl.com>; Thu, 22 Mar 2018 04:58:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nWPMlNk_Z1uA for <curdle@ietfa.amsl.com>; Thu, 22 Mar 2018 04:58:45 -0700 (PDT)
Received: from mail-qt0-x232.google.com (mail-qt0-x232.google.com [IPv6:2607:f8b0:400d:c0d::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 452ED12D7F6 for <curdle@ietf.org>; Thu, 22 Mar 2018 04:58:45 -0700 (PDT)
Received: by mail-qt0-x232.google.com with SMTP id j26so8557798qtl.11 for <curdle@ietf.org>; Thu, 22 Mar 2018 04:58:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lQQeBB9kYEAbUr+7Zyaw4yLr0S3RfQ/xxQdhmlOOh20=; b=YvN5UeSXnWrQ+aHlGCdF1//SpYWfRWRUqEu5HTl22DccLOzAw34ZKJkhOjFnE/iqas BKRECVcB0cNO65IoO97B1icpPbUdX2NQw33OrrFj6birxa3RnpouerVF09ih8hIEfdEb pnCIVd5FOYJhh52VA/sMHcz79B1tuu6VqUMbkY4ekZHYjAYiL92qBkZb1qNUuXA8vF/Q fHXQJz4sGk9Tq5oa8xJJeS2/zibB1AaplWTYxBT4VwkgrSgoiQpACzLhO3aP/Wi/cyrL mgbHufgZmAoxFp3mwfDogxjd6lsevXdQvtV19G2TkqR2KGSyj/aZERfTwzpRg1FqJHlJ +TVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lQQeBB9kYEAbUr+7Zyaw4yLr0S3RfQ/xxQdhmlOOh20=; b=mHXhTPVms4gsa57LnuiLUWa8bBVGksd9BNLdm131vqsSmAOzJcOqOVCoTJrYRL8xE+ 88C+RDth7NGh7+zoH7fC46hyM85cUNs76Vif3LE2njQeQ4+cMuDft2Bh1wadwTmQ/fqP SpO4vON1tQRD2rx3DEZqs6gW+xbj15io3IPQvw8S/cBXvVnZs74k7a6Mm+GclhUdObje ININtXgXp7q+T4tTiho8ziInKOpZ56IIoqwj+INN79VZhnMU9mwoFWVoJ91yXXjYOB02 o7EwDb96c18w/dAH/zrlDuKI5iAvIVHnGOWqOgiaaGMYOCCnZ6/EtICpPiA8NJaQmJjK FYrQ==
X-Gm-Message-State: AElRT7GOZ+uWMX8OneAJXZWi5ubNQRmSKYV9H3LsEdUsi5PVMtvlAb4a 6qx6tSb1/SvLJoccKh1IWo/MudwYE5/yopeRrN4=
X-Google-Smtp-Source: AG47ELsvEDCe9OAH76jaWk7CDARLbK26+LrfI6K4GGNznJAo5xt6sf6ufwzaffvHnOf12n1O1TNIIbIFE4XBV6jCXAk=
X-Received: by 10.200.11.70 with SMTP id m6mr34919034qti.95.1521719924499; Thu, 22 Mar 2018 04:58:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.158.146 with HTTP; Thu, 22 Mar 2018 04:58:44 -0700 (PDT)
In-Reply-To: <CADPMZDBHGJrn+-pgyKnLmVjA06nE_jm841aYQbwZ6nRew6X0tw@mail.gmail.com>
References: <20180319222314.9400DB810E0@rfc-editor.org> <1521538833144.57449@cs.auckland.ac.nz> <CADPMZDAaJkjwhW8NnSgn=a82VKEdf0uhTbNHcWyqWUjEXFvzKw@mail.gmail.com> <1521611321502.90637@cs.auckland.ac.nz> <CADPMZDBOXLKnWrhn77Uo3gBH_E36-Q7wKAVNNY2dFZbrezEYrw@mail.gmail.com> <1521713601730.55723@cs.auckland.ac.nz> <CADPMZDBHGJrn+-pgyKnLmVjA06nE_jm841aYQbwZ6nRew6X0tw@mail.gmail.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Thu, 22 Mar 2018 06:58:44 -0500
Message-ID: <CADPMZDAgwu1TErh7oYA5=wY86AKRnOdzm+095oiayN73dLS6HQ@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "curdle@ietf.org" <curdle@ietf.org>
Content-Type: multipart/alternative; boundary="089e0822920c8c2a820567ff07e4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/KV_Td335_UOvm7q2YOdHHvfo25s>
Subject: Re: [Curdle] RFC 8308 on Extension Negotiation in the Secure Shell (SSH) Protocol
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2018 11:58:47 -0000
To be sure, the latest OpenSSH version is 7.6. I know that versions up to 7.5 will disconnect on receiving binary extension-values. Fortunately OpenSSH makes it easy to identify itself, so we have a workaround for that (not sending "delay-compression" to OpenSSH 7.5 and older, which does not support "delay-compression" anyway). On Thu, Mar 22, 2018 at 6:55 AM, denis bider <denisbider.ietf@gmail.com> wrote: > Those sound like good ideas. I would like more people to try that. :) > > If you want to test with Bitvise SSH Server, you can download it free of > charge from our website. It's easy to set up if you have a Windows > computer. You can also access it already set up here: > > Host: experiment.bitvise.com > Port: 10739 > User: test > Pass: test > > If you want to test RSA authentication, the server will provide > instructions in the SSH authentication banner, or you can find them in > Welcome.txt after you are logged in. > > If you want to test Bitvise SSH Client, you can also download it free of > charge from our website. It can be used free of cost in any environment. > You just need a Windows installation. > > The real juice however would be in testing other implementations. I would > suggest setting up and trying the latest OpenSSH versions, both server and > client. > > > On Thu, Mar 22, 2018 at 5:13 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> > wrote: > >> denis bider <denisbider.ietf@gmail.com> writes: >> >> >Where I'm less comfortable is the hinges that are not yet widely >> deployed. As >> >long as a hinge is not in common use, it is in danger of rusting. These >> hinges >> >include: >> > >> >- EXT_INFO sent by client (only server sends it for "server-sig-algs"). >> >- Extensions with binary extension-value (for example >> "delay-compression"). >> >> I was going to try sending in extensions with undefined values, and binary >> data embdded in them, to see what happens. If it's the same as previous, >> in >> some instances inadvertent, cases of sending unexpected data values then I >> expect all sorts of fireworks. >> >> >EXT_INFO with the "server-sig-algs" extension is widely deployed. It's >> well >> >tested with rsa-sha2-256 and rsa-sha2-512 signatures, and I have no >> concerns >> >about it. As far as I know, there are no compatibility issues to be >> >experienced by an implementation that follows the just-published spec. >> >> OK, that's good to know. >> >> Peter. >> > >
- [Curdle] RFC 8308 on Extension Negotiation in the… rfc-editor
- Re: [Curdle] RFC 8308 on Extension Negotiation in… Peter Gutmann
- Re: [Curdle] RFC 8308 on Extension Negotiation in… denis bider
- Re: [Curdle] RFC 8308 on Extension Negotiation in… Peter Gutmann
- Re: [Curdle] RFC 8308 on Extension Negotiation in… denis bider
- Re: [Curdle] RFC 8308 on Extension Negotiation in… Peter Gutmann
- Re: [Curdle] RFC 8308 on Extension Negotiation in… denis bider
- Re: [Curdle] RFC 8308 on Extension Negotiation in… denis bider