IETF Logo Mail Archive

Re: [Curdle] Warren Kumari's No Objection on draft-ietf-curdle-ssh-curves-10: (with COMMENT)

"Mark D. Baushke" <mdb@juniper.net> Tue, 03 September 2019 17:28 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAF47120233; Tue, 3 Sep 2019 10:28:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xhb1sizOvSO9; Tue, 3 Sep 2019 10:28:04 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ED3B1208D9; Tue, 3 Sep 2019 10:28:04 -0700 (PDT)
Received: from pps.filterd (m0108159.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x83HO3I0020733; Tue, 3 Sep 2019 10:27:44 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : content-transfer-encoding : date : message-id; s=PPS1017; bh=voexYl6l0EGWtanv9noQpAtBgsyCvR5KLKXf7yEoudk=; b=g8+gF0WinAHSpJKzIPB3ruQxW/UYlhV1ZxRlhUplsZLUxrw0SVmeGL3ChPjQTTDZyrbk IwZ/cQbKfUwqiIN23kHtCHlllcDST1wk8c5luUYUN0KCdjpe1iRUYTXW5dI260PYCfFz sgIkRGAIL4HDwTuWsEmqzCZcTcqh6WLjLgY7Ey44Ua/J81+ZRtXKak3dUuA9LrwybfRS pxgod+N5Qp0ZCOoHPGau7j7ahQpdtKSqb8GoozyeDCpDOFhlsBPOLJbNnJxYTcMyTc1k Uo3A0w0HSlpAsJm+JSEZLrJh66bPdkXdvwhJ3x6k5GE9dFlU3oH7ViQfKNhZXqIJrfaE OA==
Received: from nam01-sn1-obe.outbound.protection.outlook.com (mail-sn1nam01lp2057.outbound.protection.outlook.com [104.47.32.57]) by mx0a-00273201.pphosted.com with ESMTP id 2us7ap1wu8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 03 Sep 2019 10:27:44 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F80aoB54BbKqX4B7XwyRKMwLxisp4+MHrohSY5JNsRtu1WCvj5NWkOKMH8FGuZB5OZ2lt0lzbZxsS+zLEBnwbQvFiouSEkeJ3jdc11rcDMnUDCzj34wvu/Ll1yPiOG9c9TyZqpsgTxC+8kHEfYsnKg28+nkMAaetIzoyg8OTuq4l5Jyt/wzv+aV1x/gC6KY1SFfJQceWo4tHgiAH+yMUs6Mc1qaZ1/BTRTt576f2BelocpX4kt4M/dUHeKdcc78aq9nvkAulhxK3OtgMNegHyV9tTDQBaF77QXu6pvSvvbIAu8CPef1qyV0odbia4kv6HoYPKjSYlEGBE6c578SNEQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=voexYl6l0EGWtanv9noQpAtBgsyCvR5KLKXf7yEoudk=; b=Wq8FTX/nOr1MOx3i8+BfvmYz17Ki17aVCOIlVHgA83tBMXfyajVz9DfNTQqNivlwcz+ddV1Pjppr9ZDuHuV1nOfuuY2FYnipMHmztcI4g3XmTgUVe5Wgp+oFeCgNPiTUNChqhKh55cIvrl2jQt9p+4BwwjKDf/ffgt1SeUoIR6P+kCvhiXLbV87b0LTznhaioWPO7UaJfmi/G6r+bBdbOkPXCOLRLjbmVMErHVCyDXyWSI4BtEeE36RTZenpsQtIPFgWUAX5Y41GF4ndwKSM6lmU/IJTSojR1ej0Ksb7G77rgrtBQcu59uUXNe9A6JUYXNZ/vFzpBSSFIFHAY8W6IA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.13) smtp.rcpttodomain=ietf.org smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none
Received: from BYAPR05CA0076.namprd05.prod.outlook.com (2603:10b6:a03:e0::17) by BYAPR05MB6085.namprd05.prod.outlook.com (2603:10b6:a03:dc::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.11; Tue, 3 Sep 2019 17:27:39 +0000
Received: from CO1NAM05FT027.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e50::209) by BYAPR05CA0076.outlook.office365.com (2603:10b6:a03:e0::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.5 via Frontend Transport; Tue, 3 Sep 2019 17:27:37 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.13 as permitted sender)
Received: from P-EXFEND-EQX-02.jnpr.net (66.129.239.13) by CO1NAM05FT027.mail.protection.outlook.com (10.152.96.137) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.7 via Frontend Transport; Tue, 3 Sep 2019 17:27:35 +0000
Received: from P-EXBEND-EQX-03.jnpr.net (10.104.8.56) by P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 3 Sep 2019 10:27:33 -0700
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by P-EXBEND-EQX-03.jnpr.net (10.104.8.56) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 3 Sep 2019 10:27:33 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id 15.0.1367.3 via Frontend Transport; Tue, 3 Sep 2019 10:27:33 -0700
Received: from contrail-ubm16-mdb.svec1.juniper.net ([10.163.18.199]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id x83HRVbn022317; Tue, 3 Sep 2019 10:27:31 -0700 (envelope-from mdb@juniper.net)
To: Aris Adamantiadis <aris@badcode.be>
CC: Warren Kumari <warren@kumari.net>, The IESG <iesg@ietf.org>, draft-ietf-curdle-ssh-curves@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, curdle@ietf.org
In-Reply-To: <27bf18c7-7028-dc2a-54d6-2f98f98e7328@badcode.be>
References: <156752357052.9594.7566059219592586096.idtracker@ietfa.amsl.com> <23919.1567526907@contrail-ubm16-mdb.svec1.juniper.net> <27bf18c7-7028-dc2a-54d6-2f98f98e7328@badcode.be>
Comments: In-reply-to: Aris Adamantiadis <aris@badcode.be> message dated "Tue, 03 Sep 2019 18:42:24 +0200."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <26772.1567531651.1@contrail-ubm16-mdb.svec1.juniper.net>
Content-Transfer-Encoding: quoted-printable
Date: Tue, 03 Sep 2019 10:27:31 -0700
Message-ID: <26773.1567531651@contrail-ubm16-mdb.svec1.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.13; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(979002)(4636009)(136003)(396003)(376002)(346002)(39860400002)(2980300002)(189003)(199004)(81166006)(86362001)(476003)(446003)(81156014)(8746002)(11346002)(70206006)(486006)(126002)(8936002)(4326008)(316002)(8676002)(117636001)(50226002)(336012)(47776003)(966005)(305945005)(478600001)(2906002)(97756001)(50466002)(26005)(7696005)(23726003)(97876018)(76176011)(70586007)(54906003)(6916009)(426003)(5660300002)(186003)(53936002)(6246003)(6306002)(229853002)(46406003)(4744005)(356004)(62816006)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR05MB6085; H:P-EXFEND-EQX-02.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5a92f380-9972-4ec2-65a8-08d7309403be
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(4710121)(4711137)(1401327)(4618075)(2017052603328); SRVR:BYAPR05MB6085;
X-MS-TrafficTypeDiagnostic: BYAPR05MB6085:
X-MS-Exchange-PUrlCount: 1
X-Microsoft-Antispam-PRVS: <BYAPR05MB608552C5C94C58D8666DF6DCBFB90@BYAPR05MB6085.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7219;
X-Forefront-PRVS: 01494FA7F7
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: mKovOiIeNcTOsG23J3rUYB/4cAwmO83z4pQIVo+JEMR1EPhdOZdGGCZjz559n1YvD8OliJh+vHn8Qkz6nd/Cop+kIE7XrF3FEiI6f2C4+R1EnJajJjJ8nZkJicmlOOGKnyQFkX5AMYmk5ZzLY72b6rJeydbqFP96Ogu+NOzqC/XuXWA454zIhMCVukZTfRRUtX7U2xUu3OPCvcX/+7a08LBBv4rv0wmFHsnQx0ij/6BIArjsoaqrE1IUvBEyiTn7KSFZWz9fPMMK4H6SYA0ViCnloceVvAYFGLRXuKrPx+WK3YP2iDbbr1ONQSHK2ayjIWrdKeKgX54y9I4gj807sFv2vvJ3nQ1kDlNK3s0GwYd+vk/wxo4YK8guno+vuzMbM6zju16h+IRsSBqmix1dHPLafi7zw9rzKvaqNhi9s5w=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Sep 2019 17:27:35.6384 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 5a92f380-9972-4ec2-65a8-08d7309403be
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.13]; Helo=[P-EXFEND-EQX-02.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB6085
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8 definitions=2019-09-03_03:2019-09-03,2019-09-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 malwarescore=0 lowpriorityscore=0 bulkscore=0 mlxscore=0 impostorscore=0 spamscore=0 priorityscore=1501 suspectscore=0 mlxlogscore=798 clxscore=1011 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1906280000 definitions=main-1909030176
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/WnlrUWWIDj_cf5Iz9Up-HFOfVfI>
Subject: Re: [Curdle] Warren Kumari's No Objection on draft-ietf-curdle-ssh-curves-10: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2019 17:28:21 -0000

Hi Aris & Warren & Ron,

With a two of three majority, I will remove the "Copying Conditions"
section.

Regardin the key agreement abort. Here is the revised text...

        ...elided...
                    Alternative implementations of these functions
        SHOULD abort when either input forces the shared secret to one
        of a small set of values, as described in Section 7 of
        [RFC7748].  Clients and servers MUST fail the key exchange if
        the length of the received public keys are not the expected
        lengths. An abort for these purposes is defined as a
        disconnect (SSH_MSG_DISCONNECT) of the session and SHOULD use
        the SSH_DISCONNECT_KEY_EXCHANGE_FAILED reason for the message
        <xref target="IANA-REASON"/>.
        ...elided...

Where IANA-REASON is an information reference to the URL

    http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-3

(which extended the RFC4250 and RFC4253 number space to include private
values).

Should I upload the latest revision now or wait for more comments?

        -- Mark

v2.23.0 | Report a Bug | By Email