Re: [Curdle] Time for SSH3?

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 21 December 2023 03:08 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Matt Johnston <matt@ucc.asn.au>
CC: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>
Date: Thu, 21 Dec 2023 03:08:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/QIRkuLJiV66-cS6_prGrHvFdt5g>

Matt Johnston <matt@ucc.asn.au> writes:

>In discussion of Terrapin I think there's been confusion of server-sig-algs
>being security relevant. It's not a security mechanism, it's a compatibility
>mechanism. The server decides whether to accept rsa sha1 signatures
>(regardless of whether a client thinks it can send rsa sha1 signatures), and
>dropping a server-sig-algs extension packet doesn't change that.

Ah, good point.  So perhaps before everyone rushes out to work on their code with
a pair of pliers (and optionally a blowtorch), it'd help first to get an idea
of what the practical impact of this attack is.  I mean, apart from egg on the
face what could an attacker actually do that's going to cause a real security
problem?  Unless you exploit the @openssh.com ping extension (yet another
OpenSSH add-on causing problems) you've got a very low probability of removing
a message (0.04, CBC-EtM page 10) which even if you manage it probably won't
have any security implications.

What happens if you leave it as is, or at least mark it as "for future
attention when the opportunity arises"?

Peter.