IETF Logo Mail Archive

Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)

denis bider <denisbider.ietf@gmail.com> Sat, 16 September 2017 10:46 UTC

Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 625FB132705; Sat, 16 Sep 2017 03:46:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WK-0BWqvaCDe; Sat, 16 Sep 2017 03:46:12 -0700 (PDT)
Received: from mail-lf0-x231.google.com (mail-lf0-x231.google.com [IPv6:2a00:1450:4010:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7995124B18; Sat, 16 Sep 2017 03:46:11 -0700 (PDT)
Received: by mail-lf0-x231.google.com with SMTP id k9so4387166lfe.10; Sat, 16 Sep 2017 03:46:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=f+mJlVs0m9hEQHa33qlm0EsEtm9da8dk2ABHyov8y3g=; b=DTfBEgE6P7qWKMCOWfzzEPOo0oi9uA3+ocZeAA4o6RU+m0zeWnvDh1vjZ5J2zFS5zM 3yBIb5MTSt3Fx8R+nvQG/aLb+/XmUeCPurTQFfooA/qTLqx9RYZLGgWgvxADA7Ilb4/l fWCb+LBRdHEYTO24tshmcnw5YoDzmFKVHeLI/mM0/hrpbKwpq0xaVWCnqRHDczNAHTAl 4fsXXNJg0v4DbhUSjHZLuSnEYjG4p15g/ybmAdmfx4L6rWuY938oSI9L4U+j2Y8u4j6q Cp9F8Mhpo5LjhbgwIgKpE4/Po9kMLFvdBDCOMPNJ0nsd2osAuF4cFwYCeMVeAL3KCx/X XY7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=f+mJlVs0m9hEQHa33qlm0EsEtm9da8dk2ABHyov8y3g=; b=VIYip1MjS+ZZ4c16dcxEaL4QWgsNMaPABqPMHH2+pg0uEms/kBCJntFagwfXloRkwO rOwWEj74ZGLreEDNVZTVc5JezhJ8P89vXAsrFG8Ku+trGEOW+QMHnFvKAG7EtsQSDylY dhzNlwedF1NT8057nrmlan/MEDGbCFQcqZaaCnAgLdbu07IZQePDoTA2akPSUtENHWZf YvBKXwzf15DFv+zZ5OfSizu9V6RVhXXCXAxUXsUau8QXlhvFhYuPWbzqFlah5HFlu8JU 2l2L4tHE0RgU9gUxqoCUUZHBt1CJm3Djxs1I98k+lebd7qsiGSErU9V2Pq92g/oig5HF Ln6Q==
X-Gm-Message-State: AHPjjUh46VGjLE0UX1nHsRcLECrRZ5zslzsWFVn/A34DnPJYB7kXHQuT sqLLBt64SFSc/ss8R7+tsKw6aM/kjjd/cpdfimw=
X-Google-Smtp-Source: AOwi7QBpmEZd3yDnWsFPYLwm+XupLqCQRQDianvpRiLK7Hmk8mXFSzAtu7WmEhQ0fFnnvH9HEiAYtNqV8TWvH4SKs20=
X-Received: by 10.46.93.215 with SMTP id v84mr3992069lje.8.1505558770203; Sat, 16 Sep 2017 03:46:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.179.27.209 with HTTP; Sat, 16 Sep 2017 03:46:09 -0700 (PDT)
In-Reply-To: <8D12EBA0-06FE-499E-BD29-ED83D30FA02B@akamai.com>
References: <150532612778.30489.12003202456500621755.idtracker@ietfa.amsl.com> <CAFDEUTdXRo4MG2=RR+gB0yYpnr1o229qpp+aOaMaDPc6qmnogg@mail.gmail.com> <CAKKJt-etZb1nnXuhxsDZVu2oRUaqUxyD3-xG_0gVVOaQZdZqbQ@mail.gmail.com> <7EAB674F-C7F9-41B1-B362-721F47B86914@gmail.com> <E44A4C52-F926-47FB-B6EA-788F0441A1B7@akamai.com> <B0BF79C2-D43D-429A-9089-0DD46CF74FBF@gmail.com> <8D12EBA0-06FE-499E-BD29-ED83D30FA02B@akamai.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Sat, 16 Sep 2017 04:46:09 -0600
Message-ID: <CADPMZDBu356SPMNR6qTHtf_18qVDW5uTYTh4HhZsuQRyp3Qyyg@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-dh-group-exchange <draft-ietf-curdle-ssh-dh-group-exchange@ietf.org>, curdle <curdle-chairs@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, Loganaden Velvindron <logan@hackers.mu>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="001a114a0ac0afc01a05594c3752"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/f3CXh0IAxCIpWCDj5_5zAq23Kro>
Subject: Re: [Curdle] Kathleen Moriarty's Yes on draft-ietf-curdle-ssh-dh-group-exchange-05: (with COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Sep 2017 10:46:14 -0000

I think Mark has a more educated position on this than I do, but I can
respond to the following with a bit of practical information:

> Next, what's the explicit compatibility concern?  If your just waiting on
a key rollover
> or something along those lines, it's fine for this RFC to draw a hard
line.

One of the explicit compatibility concerns goes like this. More or less
directly taken from a real example:

- Organization X has a bunch of appliances (routers, etc) of model C.
- The appliances need to back up their log files.
- The appliances offer like two choices for backup, either plaintext FTP or
some old version of SSH+SFTP with only 1024-bit crypto, or only SHA-1, or
like that.
- The manufacturer no longer maintains the appliances. There are no updates
planned for SSH+SFTP on this hardware.
- Organization X wants to upgrade their SSH+SFTP server S on which they
receive the log files from the appliances.

Now the issue arises that a new RFC is out that says "MUST NOT support
1024-bit crypto" or "MUST NOT support SHA-1".

If it said "SHOULD NOT", then that's fine. Server S can come with 1024-bit
crypto and SHA-1 disabled by default, but users can enable if they want
compatibility with these old appliances.

But the spec says "MUST NOT". So now Server S, if it wants to be compliant,
cannot include 1024-bit crypto or SHA-1 at all. So now organization X
cannot update to a new version of server S because then they won't be able
to receive transfers from appliances that only support 1024-bit crypto or
SHA-1 or whatnot.

The organization is not throwing away the appliances also, because they
serve their purpose and are a big hardware investment. So as a result,
causal process goes like this:

idealist standards organization says "MUST NOT" support old stuff
=> new version of software cuts out support for old stuff
=> new version can't interoperate with old hardware
=> users don't upgrade to new version

Or alternately:

idealist standards organization says "MUST NOT" support old stuff
=> new version of software violates spec and supports it anyway
=> spec is toothless

Or alternately:

=> new version of software violates spec and supports "MUST NOT" algorithms
anyway
=> another type of user comes in and says "we can't use because you violate
spec"
=> two new versions of software must be released and maintained, one that
violates spec and one that doesn't

We must accept that hardware implementations exist which are set in stone.
"MUST NOT" for anything that was enabled by default, in new software, in
the last 10 years, is more or less a no-go.

With regard to key rollover, most users do not rollover keys in SSH. At all.


On Fri, Sep 15, 2017 at 10:28 AM, Salz, Rich <rsalz@akamai.com> wrote:

> ➢ Ok, so why can't that just be done the next time the deployed base is
> ready?  Is there a reason why the deployed base needs to be compliant with
> this RFC?  Or will making 2048 a MUST help to drive the change?
>
>
> That’s an excellent question; I think Dennis and other authors should
> reply ☺
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>

v2.23.0 | Report a Bug | By Email