Re: [Curdle] Warren Kumari's No Objection on draft-ietf-curdle-ssh-curves-10: (with COMMENT)

"Mark D. Baushke" <mdb@juniper.net> Wed, 04 September 2019 03:50 UTC

To: Ron Frederick <ronf@timeheart.net>
CC: "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org>, Aris Adamantiadis <aris@badcode.be>, Daniel Migault <daniel.migault@ericsson.com>, draft-ietf-curdle-ssh-curves@ietf.org, curdle-chairs@ietf.org, curdle@ietf.org, The IESG <iesg@ietf.org>, Warren Kumari <warren@kumari.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/da0mWT2e7WDn6i7usDakThM9cV8>

Ron Frederick <ronf@timeheart.net> writes:

> The middle sentence here about failing the key exchange due to the
> length of the public keys kind of breaks up the references to “abort”
> here. I think it might read better as something like:
> 
>                    Alternative implementations of these functions
>        SHOULD abort when either input forces the shared secret to one
>        of a small set of values, as described in Section 7 of
>        [RFC7748].  Clients and servers MUST also abort if
>        the length of the received public keys are not the expected
>        lengths. An abort for these purposes is defined as a
>        disconnect (SSH_MSG_DISCONNECT) of the session and SHOULD use
>        the SSH_DISCONNECT_KEY_EXCHANGE_FAILED reason for the message
>        <xref target="IANA-REASON"/>.
> 
> That way, the paragraph consistently uses the “abort” terminology for
> both types of failures, and then goes on to explain what “abort”
> means.

You are correct. The paragraph reads better with your change.
I'll add it to the -12 revision after I get a few more comments.

	-- Mark
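
The two abort conditions in the proposed paragraph, sketched for X25519 as an added example (not code from the draft, from this thread, or from any SSH implementation). The names `checked_shared_secret`, `kex_outcome` and `KexAbort` are hypothetical; message number 1 and reason code 3 are the RFC 4253 values for SSH_MSG_DISCONNECT and SSH_DISCONNECT_KEY_EXCHANGE_FAILED.

```python
import hmac
import struct

P = 2**255 - 19
SSH_MSG_DISCONNECT = 1                   # RFC 4253 message number
SSH_DISCONNECT_KEY_EXCHANGE_FAILED = 3   # RFC 4253 reason code
BASE = (9).to_bytes(32, "little")        # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (illustrative only, not constant-time)."""
    k_int = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

class KexAbort(Exception):
    """Hypothetical exception carrying the SSH_MSG_DISCONNECT payload to send."""
    def __init__(self, why: str):
        super().__init__(why)
        desc = why.encode()
        self.payload = (struct.pack(">BI", SSH_MSG_DISCONNECT,
                                    SSH_DISCONNECT_KEY_EXCHANGE_FAILED)
                        + struct.pack(">I", len(desc)) + desc
                        + struct.pack(">I", 0))   # empty language tag

def checked_shared_secret(priv: bytes, peer_pub: bytes) -> bytes:
    if len(peer_pub) != 32:                       # MUST abort: unexpected length
        raise KexAbort("unexpected public key length")
    secret = x25519(priv, peer_pub)
    if hmac.compare_digest(secret, bytes(32)):    # SHOULD abort: RFC 7748, Section 7
        raise KexAbort("all-zero shared secret")
    return secret

def kex_outcome(priv: bytes, peer_pub: bytes):
    """Return ('ok', secret) or ('disconnect', payload) for the caller to act on."""
    try:
        return "ok", checked_shared_secret(priv, peer_pub)
    except KexAbort as exc:
        return "disconnect", exc.payload
```

Both failure paths produce the same disconnect message, which is the consistency the reworded paragraph asks for.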