Re: [Curdle] Alexey Melnikov's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)
Alexey Melnikov <aamelnikov@fastmail.fm> Wed, 13 September 2017 13:12 UTC
Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08F2D133038; Wed, 13 Sep 2017 06:12:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.718
X-Spam-Level:
X-Spam-Status: No, score=-2.718 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=dJrwseQO; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=H/jU4q+A
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pXUlsLMU-JJ8; Wed, 13 Sep 2017 06:12:07 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0C8F132D14; Wed, 13 Sep 2017 06:12:06 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id ED27420E04; Wed, 13 Sep 2017 09:12:05 -0400 (EDT)
Received: from web5 ([10.202.2.215]) by compute7.internal (MEProxy); Wed, 13 Sep 2017 09:12:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=0oNuXG2kvzO7JMb8KFiNgrYCc8PXb F4S5mVdSLxuLuc=; b=dJrwseQOneNYGMkNk4U4gn7GtoFA/uJqEHhy/MaM7teA2 HbvK044Pl5IKm7axWecz/0AQdBeyEqzfz+PvGI3jBtBrOfx4Etf7+3LGvpcvIo2I WMiGMqliM0LP6W7zh7zox4ArotNMlfLCF1wYFsSsQLVFMUi++8DqDtmMtyK5sHhI h/qV53JphScHObYIkeNnuhiGrt0tsyAEbKcmXlrS/Bi5NU5PJG4ltswSaRZxAyvY BTQQqatMiphINM7VFHtHP3bB7qr4ck4tTsQzE4yma8G+CUQUJP0cWPKrrjWXemzM yhyIu93UTQGTA77rsKWAyc+JUQqe6joA/dab7pbOg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=0oNuXG 2kvzO7JMb8KFiNgrYCc8PXbF4S5mVdSLxuLuc=; b=H/jU4q+AzI2M/wqKZGruJo vzbeFYgJcjyEBr+VwLm8oEp281B9WHgQrASOFh8WSn9Cb/KptmJptktiXfFWy4iz InKtXUqBp1C2sXXQB9/hqMSAq9VKy41+mSZwj5i7Sqvxc4skd/DyZUqRj9ufM5Jk DKzEJ3kouyHuEa5/1wSOIYVMVgYmztnvQZrHPohTBJGBEnQn5bnkGvceJ2bcbv4v zwHa24XDLH5k+FEcbQb3vzWrGLJCLDT9U3ZpBDUN9VCKd93coj2l5VFd8PYoiW6Q bJxDcpr4WW+yTEbAzLF7DUf+RHm3SIsrjHZF2ThL4OrdkWzIpAGvAQFv32ZHPurw ==
X-ME-Sender: <xms:pS65Wbs2dlksZIh47rKe6uFuIcIzj4XuEp-4UU4Oh2SusD6Bw99JSw>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id C50909E2E4; Wed, 13 Sep 2017 09:12:05 -0400 (EDT)
Message-Id: <1505308325.2062993.1104706296.3E3DDD7F@webmail.messagingengine.com>
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: denis bider <denisbider.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs <curdle-chairs@ietf.org>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-ext-info@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_150530832520629931"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-64b08692
References: <150530402783.30467.17664468923363358742.idtracker@ietfa.amsl.com> <CADPMZDAENLRJEhbhYv86L=Q9v9nARtsrkicyPg86yGqrjUP0mg@mail.gmail.com>
Date: Wed, 13 Sep 2017 14:12:05 +0100
In-Reply-To: <CADPMZDAENLRJEhbhYv86L=Q9v9nARtsrkicyPg86yGqrjUP0mg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/araOtOgCuU7zShvwLiUVVogsxWs>
Subject: Re: [Curdle] Alexey Melnikov's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Sep 2017 13:12:10 -0000
On Wed, Sep 13, 2017, at 01:56 PM, denis bider wrote: > > It is not clear for me from the formatting whether the first > > name-list is sent by the client and the second by the server, > > or both lists are always included in the value. I suspect it > > is the former, but can you please clarify? > > SSH negotiates compression, integrity, and encryption algorithms > separately for each direction. Both lists are sent by both parties. > Not just here, but also in KEXINIT.> > This is used rarely in practice, but this draft keeps to the same > practice, so as not to bundle a reduction of functionality (i.e. > requiring same compression for both directions) in the same package as > an extension (i.e. providing a mechanism for delayed activation of > compression).> > The next draft will include an example of encoding, as suggested by > Adam. This should make things clearer, even for readers unfamiliar > with SSH.Yes, I think this will help. If you can list an example here for both the client side and the server side, that would be great. > > > 1) Sentences like: > > Use of Receivers MUST tolerate any sequence of bytes; including > > null bytes at any position; in an unknown extension's extension- > > value.> > Reads fine to me. Still, I changed these to use dashes. > > > > Can you provide an example of why depending on order > > would be useful? This potentially makes it harder to implement. > > It is the nature of an extension mechanism that it intends to be open > to unforeseen circumstances. If we could come up with examples for all > possible future uses, extensions would not be required.> > For this reason, I would prefer if you can demonstrate how allowing > for this possibility makes anything harder to implement. In my > implementation experience, it doesn't.I implemented multiple capability negotiation frameworks and very few of them (at the moment I can't think of any, actually) have dependencies on order. Dealing with one element at a time seems a bit simpler. My gut feeling is that you will never need this, so I wanted to know if you actually can provide an example that depends on order. > > In several places you use EXT_INFO instead of SSH_MSG_EXT_INFO. > > It would be less confusing if you used the latter consistently > > everywhere.> > This doesn't just go for EXT_INFO, it also goes for KEXINIT, NEWKEYS, > NEWCOMPRESS, and USERAUTH_SUCCESS.> > OK, I changed this to use the SSH_MSG_ prefix always. Thank you. > > > This extension is sent by the server, and contains a list of > > public> > key algorithms that the server is able to process as part of a > > "publickey" authentication request. If a client sends this > > extension,> > the server MAY ignore it, and MAY disconnect. > > > > Why would the client disconnect when seeing this extension? Does it > > mean it is> > broken? > > > > Also, as the client can always disconnect at any point, why > > mentioning this> > here? > > I believe you have misread the text in this case. It should be clear > from the above quoted snippet.Oh, do you mean that this is never supposed to be sent by the client? In this case, yes, I misread it. Never mind. > > > Can you elaborate on what do you mean by "authentication penalties"> > in this context? > > SSH servers commonly implement some way of locking out or throttling > IP addresses that make frequent login attempts, so as to deter brute > force password guessing, username guessing, and similar undesired > behaviors.> > Some servers apply such penalties to clients that attempt to use an > unknown public key algorithm (e.g. "rsa-sha2-256"). This can result in > the client's IP address being locked out.> > The "server-sig-algs" extension provides a way for the client to know > that the server supports e.g. "rsa-sha2-256" before it attempts to use > it, to avoid a potential IP lockout.I think explaining this in the document would be useful. "Penalties" sounds a bit vague. > On Wed, Sep 13, 2017 at 6:00 AM, Alexey Melnikov > <aamelnikov@fastmail.fm> wrote:>> Alexey Melnikov has entered the following ballot position for >> draft-ietf-curdle-ssh-ext-info-12: Discuss >> >> When responding, please keep the subject line intact and reply >> to all>> email addresses included in the To and CC lines. (Feel free to >> cut this>> introductory paragraph, however.) >> >> >> Please refer to >> https://www.ietf.org/iesg/statement/discuss-criteria.html>> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here:>> https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ext-info/ >> >> >> >> ---------------------------------------------------------------- >> ------>> DISCUSS: >> ---------------------------------------------------------------- >> ------>> >> This is generally a good and useful document. I have some minor >> comments I>> would like to discuss: >> >> 3.2. "delay-compression" >> >> This extension MAY be sent by both parties as follows: >> >> string "delay-compression" >> string: >> name-list compression_algorithms_client_to_server >> name-list compression_algorithms_server_to_client >> >> It is not clear for me from the formatting whether the first name- >> list is sent>> by the client and the second by the server, or both lists are always >> included>> in the value. I suspect it is the former, but can you please >> clarify?>> >> >> ---------------------------------------------------------------- >> ------>> COMMENT: >> ---------------------------------------------------------------- >> ------>> >> 1) Sentences like: >> Use of Receivers MUST tolerate any sequence of bytes; including >> null bytes>> at any position; in an unknown extension's extension-value. >> or >> In particular, applications MUST tolerate any sequence of bytes; >> including>> null bytes at any position; in an unknown extension's extension- >> value.>> >> Use of punctuation is not my strongest point, but I am reasonably >> certain that>> use of ";" is not correct here. I think you should use (). >> Otherwise these>> sentences are reading as a list of 3 things, yet in both cases the >> 3rd is a>> continuation of the 1st. >> >> 2) In Section 2.5: >> >> The relative order in which extensions appear in an >> EXT_INFO message MUST be ignored by default; but an extension MAY>> specify that the order matters for that extension, in a specific >> way.>> >> Can you provide an example of why depending on order would be >> useful? This>> potentially makes it harder to implement. >> >> In several places you use EXT_INFO instead of SSH_MSG_EXT_INFO. It >> would be>> less confusing if you used the latter consistently everywhere. >> >> 3) In 3.1: >> >> This extension is sent by the server, and contains a list of >> public>> key algorithms that the server is able to process as part of a >> "publickey" authentication request. If a client sends this >> extension,>> the server MAY ignore it, and MAY disconnect. >> >> Why would the client disconnect when seeing this extension? Does it >> mean it is>> broken? >> >> Also, as the client can always disconnect at any point, why >> mentioning this>> here? >> >> If a server does not send this extension, a client MUST NOT >> make any>> assumptions about the server's public key algorithm support, >> and MAY>> proceed with authentication requests using trial and error. Note >> that>> implementations are known to exist that apply authentication >> penalties>> if the client attempts to use an unexpected public key algorithm.>> >> Can you elaborate on what do you mean by "authentication penalties" >> in this>> context? >> >> >> _______________________________________________ >> Curdle mailing list >> Curdle@ietf.org >> https://www.ietf.org/mailman/listinfo/curdle
- [Curdle] Alexey Melnikov's Discuss on draft-ietf-… Alexey Melnikov
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… denis bider
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… Alexey Melnikov
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… denis bider
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… Eric Rescorla
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… denis bider
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… Adam Roach
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… denis bider
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… Adam Roach
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… denis bider
- Re: [Curdle] Alexey Melnikov's Discuss on draft-i… Adam Roach