Re: [Curdle] Time for SSH3?
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 21 December 2023 03:08 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Matt Johnston <matt@ucc.asn.au>
CC: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, saag <saag@ietf.org>, "curdle@ietf.org" <curdle@ietf.org>
Date: Thu, 21 Dec 2023 03:08:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/QIRkuLJiV66-cS6_prGrHvFdt5g>

Matt Johnston <matt@ucc.asn.au> writes:

>In discussion of Terrapin I think there's been confusion of server-sig-algs
>being security relevant. It's not a security mechanism, it's a compatibility
>mechanism. The server decides whether to accept rsa sha1 signatures
>(regardless of whether a client thinks it can send rsa sha1 signatures), and
>dropping a server-sig-algs extension packet doesn't change that.

Ah, good point. So perhaps before everyone rushes out work on their code with
a pair of pliers (and optionally a blowtorch), it'd help first to get an idea
of what the practical impact of this attack is. I mean, apart from egg on the
face what could an attacker actually do that's going to cause a real security
problem? Unless you exploit the @openssh.com ping extension (yet another
OpenSSH add-on causing problems) you've got a very low probability of removing
a message (0.04, CBC-EtM page 10) which even if you manage it probably won't
have any security implications.

What happens if you leave it as is, or at least mark it as "for future
attention when the opportunity arises"?

Peter.