IETF Logo Mail Archive

Re: [Curdle] Warren Kumari's No Objection on draft-ietf-curdle-ssh-curves-10: (with COMMENT)

"Mark D. Baushke" <mdb@juniper.net> Tue, 03 September 2019 16:08 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4B7D12013A; Tue, 3 Sep 2019 09:08:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Efk36tPodY-3; Tue, 3 Sep 2019 09:08:43 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51F45120013; Tue, 3 Sep 2019 09:08:43 -0700 (PDT)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x83FxUB6020840; Tue, 3 Sep 2019 09:08:39 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : content-transfer-encoding : date : message-id; s=PPS1017; bh=6pSuOXmplKapauuSEtfGfuKkFhPtWeepPv5ovqaaSuM=; b=pp6GHwABvotDAcfCxu/SwCbgp02IzLcq+MdLN9EdycZ509EufP2co+gwJOj00Q3S1uRs ssR+O3vdwFeUXWnYAOCngv24NE2UT3XRBClNVYqgEDTLQvd+1xL15lvRWF3ijn1yOV0C 2FcbhpPPWmbYQ4c5FX1JGmJykJx57cgXoXMMD0Pi9jIoJbMB/44D6wYUZKgnTmnWbBcW HDJB7t0DP9qSJnbPdpZeeV2NFFfiEGbw57F2HQgozRpFk7KcgoORv+agAwWDcv22EDX6 xJblNgL/IZQFhBhTIjnTCK7PBqkPeYsgRT7mJiYUFKq/FWrOGd0PHSAPK+C0DPCe9Hur BA==
Received: from nam03-co1-obe.outbound.protection.outlook.com (mail-co1nam03lp2059.outbound.protection.outlook.com [104.47.40.59]) by mx0b-00273201.pphosted.com with ESMTP id 2uqq594vgw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 03 Sep 2019 09:08:38 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GAMLlyZTfUciZF3aPITjjlTLRGqkKW7RC6JnCyaPuLc2GRpR1V/8fi9dVOD/O20QBd08SPeoH8E4HfKtG6yYeLGFt+II4k7ZTZd1m1qlkUgn1e6Xq22RiLmFrRbH98nhm6u8dMsxOttvVRtcAKQzgEZpR2lN9p4sdY3H8cJeTIn0kW+06MznKUxJ9bkiQ4QxsD6i24w/XVR17tLnPVudcYUWokmDKNpPyEVL2iusu4u13bQyS2UyMDoPRQ2lDioFKqb0KO6jqKCQuX1JxB12Uju9VB7xL/daKc/xe76SRh0qQ60lksXBfgPpPFCicVsjduvUy0WnaJQ/brn9Ki5sqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6pSuOXmplKapauuSEtfGfuKkFhPtWeepPv5ovqaaSuM=; b=bqInkupA8o8c/ypaEQprNe31qF/WkmzPGTLe8mGNe1ozIwsj5uG6aowAgkrl/1GQrPldaoTJ1fVqOwF8abIfCau5pQJX6xxCa/30BJ1fhfqXjk6DMbWcpmlLhv67WHh/RArKokVWj3sg6ZJfpMTss6SzaVk3mrOL7Rw7Puhu52V4QCmxhzoYDgeMtjFdgUCkUKcbYOUXrp+CzqZ1C+WTtGjzo6iYP17YEwnJnewrIfSVkc5qVgjprfNK4qfBE2JV/+YIldWEWZmumxwq7x5ZqWqEvgl5oX4hxQQNXrq+Xfpw2gptcC15ARNz2tRIHGosRoswkWhtvZ1mSR/+xoibqQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.239.13) smtp.rcpttodomain=ietf.org smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none
Received: from DM6PR05CA0013.namprd05.prod.outlook.com (2603:10b6:5:f8::26) by DM6PR05MB5066.namprd05.prod.outlook.com (2603:10b6:5:7d::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.5; Tue, 3 Sep 2019 16:08:34 +0000
Received: from CO1NAM05FT062.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e50::202) by DM6PR05CA0013.outlook.office365.com (2603:10b6:5:f8::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.9 via Frontend Transport; Tue, 3 Sep 2019 16:08:34 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.13 as permitted sender)
Received: from P-EXFEND-EQX-02.jnpr.net (66.129.239.13) by CO1NAM05FT062.mail.protection.outlook.com (10.152.96.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.7 via Frontend Transport; Tue, 3 Sep 2019 16:08:33 +0000
Received: from P-EXBEND-EQX-02.jnpr.net (10.104.8.53) by P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Tue, 3 Sep 2019 09:08:33 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-02.jnpr.net (10.104.8.53) with Microsoft SMTP Server (TLS) id 15.0.1367.3 via Frontend Transport; Tue, 3 Sep 2019 09:08:32 -0700
Received: from contrail-ubm16-mdb.svec1.juniper.net ([10.163.18.199]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id x83G8R0O008887; Tue, 3 Sep 2019 09:08:28 -0700 (envelope-from mdb@juniper.net)
To: Warren Kumari <warren@kumari.net>
CC: The IESG <iesg@ietf.org>, draft-ietf-curdle-ssh-curves@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, curdle@ietf.org
In-Reply-To: <156752357052.9594.7566059219592586096.idtracker@ietfa.amsl.com>
References: <156752357052.9594.7566059219592586096.idtracker@ietfa.amsl.com>
Comments: In-reply-to: Warren Kumari via Datatracker <noreply@ietf.org> message dated "Tue, 03 Sep 2019 08:12:50 -0700."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <23918.1567526907.1@contrail-ubm16-mdb.svec1.juniper.net>
Content-Transfer-Encoding: quoted-printable
Date: Tue, 03 Sep 2019 09:08:27 -0700
Message-ID: <23919.1567526907@contrail-ubm16-mdb.svec1.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.13; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(4636009)(376002)(346002)(136003)(39860400002)(396003)(2980300002)(199004)(189003)(81166006)(446003)(426003)(186003)(6246003)(53936002)(70586007)(19627235002)(117636001)(966005)(46406003)(97756001)(126002)(11346002)(23726003)(476003)(486006)(26005)(86362001)(97876018)(8746002)(229853002)(6916009)(8936002)(70206006)(356004)(478600001)(4326008)(54906003)(7696005)(76176011)(50226002)(316002)(336012)(2906002)(305945005)(47776003)(5660300002)(66574012)(50466002)(81156014)(6306002)(8676002)(62816006); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR05MB5066; H:P-EXFEND-EQX-02.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: b9c06345-d77a-4f65-aa63-08d73088f894
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(4710121)(4711137)(1401327)(4618075)(2017052603328); SRVR:DM6PR05MB5066;
X-MS-TrafficTypeDiagnostic: DM6PR05MB5066:
X-MS-Exchange-PUrlCount: 2
X-Microsoft-Antispam-PRVS: <DM6PR05MB50669A47A22E4DB548424889BFB90@DM6PR05MB5066.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7219;
X-Forefront-PRVS: 01494FA7F7
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: hhDAOPkTE0YRAuFd19aJACxVw0rANvSD7i7Fv66elpfhzKWXuTOokutGtVWY3yIE7lLc+JIFKo9XWXxkmL7u2xgRYbVxUYCS4/N/1yg4vsyk/AJf0B2Pg4JCR6MOvWekTZPMlJ8fqj7u2/YBcqHr+obGxA3U4eQh7rxq167ofXIK86E9rwPBL6WPsnlhNaiwU8vGASVygSXjlmM8Dj/Ggsq0Mw4RROh4vxpvUXm3oMbyXalpfgEgu4ZTFbaHyt+U+jzv5ga6ItOpo39s79v5rdvJ/LcSKqALcJRM0JmOGRwNGk2V98anm9L1sQYEG0kpUqtqH6sqHCt0nDVr0wd4bp9S+eBWeYJP4KoTRFCB8vw6QejUxpfW4AkIEZfupY7oWMrUwEIPexSAjKPaUmOQXWBGmRcaeuT06+0U577zGBI=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Sep 2019 16:08:33.7720 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b9c06345-d77a-4f65-aa63-08d73088f894
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.13]; Helo=[P-EXFEND-EQX-02.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB5066
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8 definitions=2019-09-03_02:2019-09-03,2019-09-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 adultscore=0 mlxlogscore=999 impostorscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 priorityscore=1501 mlxscore=0 clxscore=1011 bulkscore=0 suspectscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1906280000 definitions=main-1909030164
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/WyEBOHNyVP15ZL3xeQkCvdmb2zw>
Subject: Re: [Curdle] Warren Kumari's No Objection on draft-ietf-curdle-ssh-curves-10: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2019 16:08:49 -0000

Hi Warren,

Warren Kumari writes:
> Mirja beat me to it with the questions re: the additional Copyright
> text -- I'd *thought* I'd seen a reply to that mail, but cannot seem
> to find it at the moment..

My comment was that as I had not introduced the copyright section, I was
not comfortable removing it without approval of the other two authors of
this Draft. I have not yet heard from them on this topic. I have no
objections to the removal myself.

> Also:
>
> "An abort for these purposes is defined as a disconnect of the session
> with an appropriate SSH "protocol error" for the fault provided to or
> by the client. "
>
> Fair enough -- but would it be possible to point at where people can
> go find out what the "appropriate SSH protocol error" is?

Protocol error messages to abort are in Section 11.1 of RFC4253. and the
most likely code would be SSH_DISCONNECT_KEY_EXCHANGE_FAILED (reason
code 3).

See also URL:
https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-3

However, it has been suggested that too narrow a description of the
issue might not be wise.

As this comment has been raised and discussed a few times now. Should I
add a reference?

	An abort for these purposes is defined as a disconnect of the
	session with an appropriate SSH "protocol error" for the fault
	provided to or by the client such as using the reason code
	SSH_DISCONNECT_KEY_EXCHANGE_FAILED for the SSH_MSG_DISCONNECT
	message <xref target="IANA-REASON"/>

I am not happy to be this prescriptive given that I am not certain what
all implementors of this KEX do when the abort happens.

A number of different reason codes might be currently implemented,
including:

           Symbolic name                                reason code
           -------------                                -----------
      SSH_DISCONNECT_PROTOCOL_ERROR                          2
      SSH_DISCONNECT_KEY_EXCHANGE_FAILED                     3
      SSH_DISCONNECT_CONNECTION_LOST                        10
      0xFE000000-0xFFFFFFFF		    Reserved for Private Use


The "IANA_REASON" xref would become this informative reference:

     <reference
         anchor="IANA-REASON"
         target="http://www.iana.org/assignments/ssh-parameters/ssh-parameters.\
xhtml#ssh-parameters-3">
       <front>
         <title>Secure Shell (SSH) Protocol Parameters:
	 Disconnection Messages Reason Codes and Descriptions</title>
         <author>
           <organization>Internet Assigned Numbers Authority (IANA)
           </organization>
         </author>
         <date month="August" year="2019"/>
       </front>
     </reference>


	Thank you,
	-- Mark

v2.23.0 | Report a Bug | By Email