Re: [Curdle] Adam Roach's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)
denis bider <denisbider.ietf@gmail.com> Wed, 13 September 2017 05:34 UTC
Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA79813306C; Tue, 12 Sep 2017 22:34:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KsA9QT5YM4H1; Tue, 12 Sep 2017 22:34:11 -0700 (PDT)
Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1516D129B7A; Tue, 12 Sep 2017 22:34:10 -0700 (PDT)
Received: by mail-lf0-x234.google.com with SMTP id d17so31331420lfe.2; Tue, 12 Sep 2017 22:34:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=t7UZhdbe5Pn3fGwwf7TjBqeXxzCU0dV+rnpI0rxtFdc=; b=UBd/uxzfDL2zGsahRKaPyC8K7mFmpjMZIxbCbKd0ntoyI3ZXL6a7lxBW4csJuZZuZN AoqgJ5m9kSAIW8+x5yPvv02cGY5IAFjAGfeey50IgtRvPd6uA/texAEW8Bz/gENWVGi1 zaCCcO2R6zJbhrT5uBnWD2JsKagzfCJdct0YkyqFabmMFf/TWWeNQ+X2yyV2M9RZl1BK ysYrUH3LDtG+ws7HD0sZXGS6gNQXBxdOkIr67p1oo9KmUOjXysZjW6BYli4N8K1KEQ2E OlA1cvpqQqApsSMu11234zRjdc/rBrHUHpTvn3slC24uL6NDhYbKu89G0zO6K7nEOchi Bgfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=t7UZhdbe5Pn3fGwwf7TjBqeXxzCU0dV+rnpI0rxtFdc=; b=SI9YZzF3FXoDoib8VECpXLdf9Il+VDgc3t88TevkF4EpEuUFOWxEZTPd7DyquHfk+t UeJpKz5XD54/NB4EIkXlrRmZY001opLcy6Pc1680tOXqfEBP4obzPhAJbOiKVG/BZUuq SW+Hfu2OAq1+yZP/fBmJgQZMwUl5S22tcsc2ALCsSsLj8Bn0BuC8tfPjDCuZxmWPPTS0 LheB/OxZGr2+VhEkDrKS6tFXTuq7iSxkzwqFhnXRc9YxH4po+yKrYgyMKIGR8fHchcm/ ClqblH2SmiLi1GbV6Doe8QuGidHcFa5CAnTPGn/JBmIuO6ljy/9DPXdOpXUMa8kalq/d ktJg==
X-Gm-Message-State: AHPjjUil3F3bag5zMzDqsUkdSsvW7FkJc/HpBgU963kC5jwygDj3YG+I VibyLT7SlRQyE3SIk8wywoGZx6ZWYCTO42muIk0=
X-Google-Smtp-Source: AOwi7QDbt7e+qhXV2BJMvizQ34Lu5IfPljk9Dc6VMeCiC0gqiJWHhYxaC2QRaePP0lByLD6a8eiFNJHFtB0EuvUngZw=
X-Received: by 10.25.18.195 with SMTP id 64mr5283934lfs.60.1505280848939; Tue, 12 Sep 2017 22:34:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.179.27.209 with HTTP; Tue, 12 Sep 2017 22:34:08 -0700 (PDT)
In-Reply-To: <150525503378.30416.5679611796140295482.idtracker@ietfa.amsl.com>
References: <150525503378.30416.5679611796140295482.idtracker@ietfa.amsl.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Tue, 12 Sep 2017 23:34:08 -0600
Message-ID: <CADPMZDBOe+whUyyUzgkL80OsgqNNjXA2yGwxRQpKuYrbtLzQjw@mail.gmail.com>
To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs <curdle-chairs@ietf.org>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-ext-info@ietf.org
Content-Type: multipart/alternative; boundary="001a113fb8f849cfdd05590b8230"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/T00iTgsb4zQj7HtFMFIxtJXAdGw>
Subject: Re: [Curdle] Adam Roach's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Sep 2017 05:34:14 -0000
Comment 1: Good point. Example is useful. Will add example. Comment 2: This is meant along the lines of "*If* the server sends a second EXT_INFO, it MUST be sent at this point". Will look into clarifying the language. On Tue, Sep 12, 2017 at 4:23 PM, Adam Roach <adam@nostrum.com> wrote: > Adam Roach has entered the following ballot position for > draft-ietf-curdle-ssh-ext-info-12: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ext-info/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > I am concerned that the syntax of "delay-compression" is not specified with > enough detail to ensure compatible interoperation. I may have missed > something > in the protocols this document relies upon; but if I haven't, I think this > needs additional specification. > > The current definition for "delay-compression" is: > > string "delay-compression" > string: > name-list compression_algorithms_client_to_server > name-list compression_algorithms_server_to_client > > In reading through this document (and skimming RFC4251), I don't see > anything > that indicates the on-the-wire encoding for "string containing multiple > name-lists." I suspect that the intention is something like > [string-length][list-length]value[list-length]value; however, that > requires > making a number of unstated assumptions, and I doubt that all implementors > will > make the same assumptions. > > To be clear, what I mean by my formulation above would result in the value > field of client_to_server="foo,bar" and server_to_client="bar,baz" being > encoded as: > > 00 00 00 16 00 00 00 07 66 6f 6f 2c 62 61 72 00 00 00 07 62 61 72 2c 62 61 > 7a > > If this is the intention, please be explicit (and, ideally, provide an > example). > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Section 2.4: > > (*) The message MUST be sent at this point for the following reasons: > > It's not clear how this normative requirement interacts with this MAY: > > The second opportunity is just > before (*) SSH_MSG_USERAUTH_SUCCESS, as defined in [RFC4252]. The > server MAY send EXT_INFO at the second opportunity, whether or not it > sent it at the first. > > One seems to merely allow it, while the other seems to demand it. Could > you add > some text that clarifies this apparent contradiction? > > > _______________________________________________ > Curdle mailing list > Curdle@ietf.org > https://www.ietf.org/mailman/listinfo/curdle >