Re: [Curdle] [saag] Time for SSH3?
David Schinazi <dschinazi.ietf@gmail.com> Wed, 20 December 2023 20:37 UTC
To: saag <saag@ietf.org>
Cc: "curdle@ietf.org" <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/XVkmNl83fUepNZCFTKRgottP1p0>
I wouldn't compare SSH2 -> SSH3 to IPv4 -> IPv6. IPv6 has been taking forever because it requires changing every router on the path. A better comparison would be TLS 1.2 -> TLS 1.3, or HTTP/2 -> HTTP/3, as those only required modifying the endpoints (for a specific definition of endpoint...). And that transition happened quite quickly.

I do think it makes sense to consider rearchitecting SSH like we did for TLS, but I agree with Stephen that we'll need the developers of popular SSH stacks to be enthusiastic about such an effort for it to have any chance of success.

David

On Wed, Dec 20, 2023 at 8:37 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> On 20/12/2023 16:35, Theodore Ts'o wrote:
> > Moreover, if IETF tries to standardize a completely incompatible
> > protocol rewrite without close cooperation with development team(s) of
> > the dominant implementation(s), the precedent of IPv6 of taking
> > **decades** to be fully rolled out may be the more relevant
> > comparison.
>
> +1 - if the main developers of SSH implementations were up
> for starting work on an SSH3, then it'd be a good plan. If
> they're not, it'd likely be a bad plan.
>
> Cheers,
> S.