Re: [Curdle] Mirja Kühlewind's No Objection on draft-ietf-curdle-ssh-ext-info-12: (with COMMENT)
denis bider <denisbider.ietf@gmail.com> Tue, 05 September 2017 01:16 UTC
Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2097E1321D5; Mon, 4 Sep 2017 18:16:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qjssg8_AFREh; Mon, 4 Sep 2017 18:16:11 -0700 (PDT)
Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73F711321C7; Mon, 4 Sep 2017 18:16:08 -0700 (PDT)
Received: by mail-lf0-x234.google.com with SMTP id 80so1342413lfy.4; Mon, 04 Sep 2017 18:16:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=qaPq6osrdhfkKuP92hvNmeKKQ2lU1go+eOsZO8lw2cI=; b=E/pA8QI4o69uW2rooJtwHniF/284kVvej/YIStSqeZDLIyQ+CayAZ2KKoYrFfeqOVn hYPQWXraoBuoiFp0DTSfqb5mg+BxSMf3ZHpxqT9t9crZrd9XmndjVgMSmkyrthOT0cU3 HwCq+HkgjPAWZXPzYaxrVN84RXkBEo5qbQac/ZGx+WbV9j5gq9xU8J/SIuvyDYfIknnw WOviDgmzwKE8XHM7Esi2Id2iQ80Kas7dimeuIB10cSylnbOK6nETwPPfJrp5SUQiykeo JDuumKSlg3MuR+EDsoz9A31eabZGF3nDIQve8Sm4BnTmMC9mN8CyH36e0rUWVWNvwtLB QwaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=qaPq6osrdhfkKuP92hvNmeKKQ2lU1go+eOsZO8lw2cI=; b=AUwGpbmHJOmeipmvIeagbfMD0/8xibvTNd4lt3KCNF9ZTycFKcYH7FFvNUdqY7ZICm gL2MoBcM7HYRYkPOODfIa7XwGy8uqkFj8beGavZCGZPHkOVNFYRmFVCgtTp/Hb3O3Wm8 2hk9ZOrkUnIuay9VsJoK4J63aZyKpAq03DFz/2Xma3SEf7xjXhGU1cSwgnhv7K2/BXsH ZJuyhEm3VuggQhxSBpWOI+3bgYRv5kQ14JUGaZ1ZSNLwvRZn0jqRTrMe29OEAJRk8JgN 0f49yZk+xMS31NkOkXbmY06m4p0VEdEJGNTxEYOAOYfwukels824RrWISdme3GdrZLls 3LSA==
X-Gm-Message-State: AHPjjUi53dmm/58nuJWBFEtFVkM3k0Pp6ewLBzFV2VZBLIdaHzTsZpfj RZgnVMnEx372AosCljLZxp0Mn4dViqE/
X-Google-Smtp-Source: ADKCNb4lvF+V0QQCqXvfqVd5p75x3fe1dDgdzkLPAWOrn9LATKt40hdfq8sEDFAM+oWUoWY4RRCd8vPx4HwqmVe/Apk=
X-Received: by 10.25.1.4 with SMTP id 4mr165095lfb.78.1504574166723; Mon, 04 Sep 2017 18:16:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.179.27.209 with HTTP; Mon, 4 Sep 2017 18:16:06 -0700 (PDT)
In-Reply-To: <150452751108.452.17402297157409789400.idtracker@ietfa.amsl.com>
References: <150452751108.452.17402297157409789400.idtracker@ietfa.amsl.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Mon, 04 Sep 2017 20:16:06 -0500
Message-ID: <CADPMZDBoFEFmBz5tkDf1TyvOkbjngCU8PncZ2q0i1K-02PauFQ@mail.gmail.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>
Cc: The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs <curdle-chairs@ietf.org>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-ext-info@ietf.org
Content-Type: multipart/alternative; boundary="001a113a3edebef2eb055866f8e2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/OCseErRsLGqb_3wXniwLhaMg-JI>
Subject: Re: [Curdle] Mirja Kühlewind's No Objection on draft-ietf-curdle-ssh-ext-info-12: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Sep 2017 01:16:14 -0000
Hello Mirja: > What happens if the server received more than one (different) > EXT_INFO messages or the client receives more than two? Such sender behavior is incorrect according to the spec. Receiver behavior is implementation dependent. In the absence of a specific reason to do so, I think it's counter-productive to define receiver behavior for all possible ways a sender could violate the spec. It complicates both the implementation and the spec. It seems best to let implementations handle that in whatever way is convenient. > One question regarding flow control: I understood that some > implementation simply set the max value for the initial window, > however, if you don't even have a max window how do you > ensure that the receiver is not over loaded and what do you > do if you receive more data that you can handle? The max value hack and the no-flow-control extension behave similarly until 4 GB of data is transferred. When amount of data transferred approaches 4 GB, the max value hack has to send a window adjust, whereas an implementation using the no-flow-control extension can just keep going. In both cases, flow control is provided by TCP. If the receiver can't handle the data, it doesn't read it from the socket. It is for this reason that the no-flow-control extension specifies there can be at most one SSH channel at a time when this extension is in effect. The TCP flow control only works satisfactorily with a single channel. In my view at least, applications that implement multiple channels should implement proper per-channel flow control as originally specified by SSH. > I'm by far not an expert but I would have expected that > there are additional security consideration for elevation > and mybe even flow control... no? Not that I know of. There's certainly no impact on flow control. If there's a security consideration, it's that this extension would be nice for everyone to implement - including vendors who hate Windows - so that SSH sessions made by administrators to Windows servers could be established without elevation by default; and with elevation only if requested by the user (e.g. through a client command line flag). Presently, without this extension, SSH sessions made by administrators to Windows servers have to always be elevated by the SSH server by default. This decision needs to be made before authentication, because after authentication, the security context for the session is already constructed. If there's no way for the client to indicate this choice, the server always needs to create an elevated session in case the user wants to exercise their administrative access. If this extension is supported, the user has the option to request no elevation, e.g. because they know they're only going to need their regular use permissions, not their administrative access. If the extension were to become universally supported, then no elevation (being the safer choice) could become the server-side default. On Mon, Sep 4, 2017 at 7:18 AM, Mirja Kühlewind <ietf@kuehlewind.net> wrote: > Mirja Kühlewind has entered the following ballot position for > draft-ietf-curdle-ssh-ext-info-12: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ext-info/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > 1) What happens if the server received more than one (different) EXT_INFO > messages or the client receives more than two? > > 2) One question regarding flow control: I understood that some > implementation > simply set the max value for the initial window, however, if you don't even > have a max window how do you ensure that the receiver is not over loaded > and > what do you do if you receive more data that you can handle? > > 3) I'm by far not an expert but I would have expected that there are > additional > security consideration for elevation and mybe even flow control... no? > > 4) Thanks for quickly addressing the genart review! > > > _______________________________________________ > Curdle mailing list > Curdle@ietf.org > https://www.ietf.org/mailman/listinfo/curdle >
- [Curdle] Mirja Kühlewind's No Objection on draft-… Mirja Kühlewind
- Re: [Curdle] Mirja Kühlewind's No Objection on dr… denis bider