Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)
denis bider <denisbider.ietf@gmail.com> Sat, 16 September 2017 10:46 UTC
Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 625FB132705; Sat, 16 Sep 2017 03:46:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WK-0BWqvaCDe; Sat, 16 Sep 2017 03:46:12 -0700 (PDT)
Received: from mail-lf0-x231.google.com (mail-lf0-x231.google.com [IPv6:2a00:1450:4010:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7995124B18; Sat, 16 Sep 2017 03:46:11 -0700 (PDT)
Received: by mail-lf0-x231.google.com with SMTP id k9so4387166lfe.10; Sat, 16 Sep 2017 03:46:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=f+mJlVs0m9hEQHa33qlm0EsEtm9da8dk2ABHyov8y3g=; b=DTfBEgE6P7qWKMCOWfzzEPOo0oi9uA3+ocZeAA4o6RU+m0zeWnvDh1vjZ5J2zFS5zM 3yBIb5MTSt3Fx8R+nvQG/aLb+/XmUeCPurTQFfooA/qTLqx9RYZLGgWgvxADA7Ilb4/l fWCb+LBRdHEYTO24tshmcnw5YoDzmFKVHeLI/mM0/hrpbKwpq0xaVWCnqRHDczNAHTAl 4fsXXNJg0v4DbhUSjHZLuSnEYjG4p15g/ybmAdmfx4L6rWuY938oSI9L4U+j2Y8u4j6q Cp9F8Mhpo5LjhbgwIgKpE4/Po9kMLFvdBDCOMPNJ0nsd2osAuF4cFwYCeMVeAL3KCx/X XY7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=f+mJlVs0m9hEQHa33qlm0EsEtm9da8dk2ABHyov8y3g=; b=VIYip1MjS+ZZ4c16dcxEaL4QWgsNMaPABqPMHH2+pg0uEms/kBCJntFagwfXloRkwO rOwWEj74ZGLreEDNVZTVc5JezhJ8P89vXAsrFG8Ku+trGEOW+QMHnFvKAG7EtsQSDylY dhzNlwedF1NT8057nrmlan/MEDGbCFQcqZaaCnAgLdbu07IZQePDoTA2akPSUtENHWZf YvBKXwzf15DFv+zZ5OfSizu9V6RVhXXCXAxUXsUau8QXlhvFhYuPWbzqFlah5HFlu8JU 2l2L4tHE0RgU9gUxqoCUUZHBt1CJm3Djxs1I98k+lebd7qsiGSErU9V2Pq92g/oig5HF Ln6Q==
X-Gm-Message-State: AHPjjUh46VGjLE0UX1nHsRcLECrRZ5zslzsWFVn/A34DnPJYB7kXHQuT sqLLBt64SFSc/ss8R7+tsKw6aM/kjjd/cpdfimw=
X-Google-Smtp-Source: AOwi7QBpmEZd3yDnWsFPYLwm+XupLqCQRQDianvpRiLK7Hmk8mXFSzAtu7WmEhQ0fFnnvH9HEiAYtNqV8TWvH4SKs20=
X-Received: by 10.46.93.215 with SMTP id v84mr3992069lje.8.1505558770203; Sat, 16 Sep 2017 03:46:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.179.27.209 with HTTP; Sat, 16 Sep 2017 03:46:09 -0700 (PDT)
In-Reply-To: <8D12EBA0-06FE-499E-BD29-ED83D30FA02B@akamai.com>
References: <150532612778.30489.12003202456500621755.idtracker@ietfa.amsl.com> <CAFDEUTdXRo4MG2=RR+gB0yYpnr1o229qpp+aOaMaDPc6qmnogg@mail.gmail.com> <CAKKJt-etZb1nnXuhxsDZVu2oRUaqUxyD3-xG_0gVVOaQZdZqbQ@mail.gmail.com> <7EAB674F-C7F9-41B1-B362-721F47B86914@gmail.com> <E44A4C52-F926-47FB-B6EA-788F0441A1B7@akamai.com> <B0BF79C2-D43D-429A-9089-0DD46CF74FBF@gmail.com> <8D12EBA0-06FE-499E-BD29-ED83D30FA02B@akamai.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Sat, 16 Sep 2017 04:46:09 -0600
Message-ID: <CADPMZDBu356SPMNR6qTHtf_18qVDW5uTYTh4HhZsuQRyp3Qyyg@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-dh-group-exchange <draft-ietf-curdle-ssh-dh-group-exchange@ietf.org>, curdle <curdle-chairs@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, Loganaden Velvindron <logan@hackers.mu>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="001a114a0ac0afc01a05594c3752"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/f3CXh0IAxCIpWCDj5_5zAq23Kro>
Subject: Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Sep 2017 10:46:14 -0000
I think Mark has a more educated position on this than I do, but I can respond to the following with a bit of practical information: > Next, what's the explicit compatibility concern? If your just waiting on a key rollover > or something along those lines, it's fine for this RFC to draw a hard line. One of the explicit compatibility concerns goes like this. More or less directly taken from a real example: - Organization X has a bunch of appliances (routers, etc) of model C. - The appliances need to back up their log files. - The appliances offer like two choices for backup, either plaintext FTP or some old version of SSH+SFTP with only 1024-bit crypto, or only SHA-1, or like that. - The manufacturer no longer maintains the appliances. There are no updates planned for SSH+SFTP on this hardware. - Organization X wants to upgrade their SSH+SFTP server S on which they receive the log files from the appliances. Now the issue arises that a new RFC is out that says "MUST NOT support 1024-bit crypto" or "MUST NOT support SHA-1". If it said "SHOULD NOT", then that's fine. Server S can come with 1024-bit crypto and SHA-1 disabled by default, but users can enable if they want compatibility with these old appliances. But the spec says "MUST NOT". So now Server S, if it wants to be compliant, cannot include 1024-bit crypto or SHA-1 at all. So now organization X cannot update to a new version of server S because then they won't be able to receive transfers from appliances that only support 1024-bit crypto or SHA-1 or whatnot. The organization is not throwing away the appliances also, because they serve their purpose and are a big hardware investment. So as a result, causal process goes like this: idealist standards organization says "MUST NOT" support old stuff => new version of software cuts out support for old stuff => new version can't interoperate with old hardware => users don't upgrade to new version Or alternately: idealist standards organization says "MUST NOT" support old stuff => new version of software violates spec and supports it anyway => spec is toothless Or alternately: => new version of software violates spec and supports "MUST NOT" algorithms anyway => another type of user comes in and says "we can't use because you violate spec" => two new versions of software must be released and maintained, one that violates spec and one that doesn't We must accept that hardware implementations exist which are set in stone. "MUST NOT" for anything that was enabled by default, in new software, in the last 10 years, is more or less a no-go. With regard to key rollover, most users do not rollover keys in SSH. At all. On Fri, Sep 15, 2017 at 10:28 AM, Salz, Rich <rsalz@akamai.com> wrote: > ➢ Ok, so why can't that just be done the next time the deployed base is > ready? Is there a reason why the deployed base needs to be compliant with > this RFC? Or will making 2048 a MUST help to drive the change? > > > That’s an excellent question; I think Dennis and other authors should > reply ☺ > > _______________________________________________ > Curdle mailing list > Curdle@ietf.org > https://www.ietf.org/mailman/listinfo/curdle >
- [Curdle] Kathleen Moriarty's Yes on draft-ietf-cu… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Spencer Dawkins at IETF
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Ben Campbell
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Salz, Rich
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Salz, Rich
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Mark D. Baushke
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Mark D. Baushke
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Spencer Dawkins at IETF
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… denis bider
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Mark D. Baushke
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Eric Rescorla
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Daniel Migault
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Eric Rescorla
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Loganaden Velvindron
- Re: [Curdle] Kathleen Moriarty's Yes on draft-iet… Kathleen Moriarty