Re: [Curdle] Quantum Resistant SSH connections

"Mark D. Baushke" <mdb@juniper.net> Thu, 01 October 2020 16:07 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 879AC3A10E7 for <curdle@ietfa.amsl.com>; Thu, 1 Oct 2020 09:07:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.297
X-Spam-Level:
X-Spam-Status: No, score=-3.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=QwlszA7X; dkim=pass (1024-bit key) header.d=juniper.net header.b=jOiqpKN1
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yUpv9dZGWUBH for <curdle@ietfa.amsl.com>; Thu, 1 Oct 2020 09:07:07 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC5893A10E6 for <curdle@ietf.org>; Thu, 1 Oct 2020 09:07:06 -0700 (PDT)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 091G2cjj022897; Thu, 1 Oct 2020 09:07:06 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-transfer-encoding : date : message-id; s=PPS1017; bh=4r3O+Ht0IoQA5+/IgNO5TeY2hQK2Gr00fae/KvxXIqI=; b=QwlszA7XI7mqGlx8fYOWBpTsNLmMXlxdeZX5Dry+nNlAMXxZd8pYnP/pcpSU6+MllBQS WPpyDXpzLWa2xOW9wOJuJ2538NhPjOLqMyHylDb8r8tE18me8/eQiAtpY/vNy2mevBa3 lVPXIRyOj9pha1s2BzsQWxHew+grLrNUNQUmh9iclOF+UyJWGES4Qyw7/F4x7OpllBcQ JF1V6ifkOkqi4WZSkVV/ZHhDsjvu3fwV9+06wnh6mIVelRItfhqWWdLEZ5uSYw0bakpJ oDKbHtdpgAFDy0YC8eJ6HavAk/dQEjJljm3+6tRC7m9QEl1wJzqaveLCBTWKLFEpJbzQ 3A==
Received: from nam12-bn8-obe.outbound.protection.outlook.com (mail-bn8nam12lp2168.outbound.protection.outlook.com [104.47.55.168]) by mx0b-00273201.pphosted.com with ESMTP id 33vx859xad-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 01 Oct 2020 09:07:06 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kZViPA5zZt2bevyWF2VJ+Kep0hMT7CLGVD2YyAs0qL9Q5Z+jEx4j7e/o7o+RQ+eNE+Cd1Qui3fzUG2Y7IV4Zu2/zWZ/tl90hUkvTZF/3nYjwzJRb5pifBIrBaiWmsMrZepYFUhGScTGrYcT+BXroM/eNW5rWYKEkwNsYv0zb8qZvaPFG0zqKQxF4srGnULrQr0WVLXnPnk7Is3+L96935dpboyldmr/Gsm0qctmcht0WNxTzVtUOxeV9BVeroploS3b39Iq3zr38wxYAh8U5qOP6ziURg5ceYxtn67BQHO9koojUhdyzUSoP0rpB+lhZR/9BcqBbOLEvjocgVVihIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4r3O+Ht0IoQA5+/IgNO5TeY2hQK2Gr00fae/KvxXIqI=; b=AyuUSzn4tagLp1D+2Ln05ugOtVXNm05YzdjJ4zS/UkrCExejzIt+cFNLoNSe1r5zTpUOZwXq2dcTdp0o01WGeV+Lxogql7IwMyeuzjZd1U7P2Qgq9GPcG9bUE/0nmu3Zo67MSscSrM7rJbZEX7xfaY9CDbY6ndjLAXte320rdViV5vxJbWzcoBIsgld+zplTta8kEcGtSaMgVS1Q9sme9Zu8WKkgQeY4UUipbFx8yC2HrRqevLVhmxENLFTPXb4x04DOMUtan6z/JmGTWPVGmHStbootMKx17+TkWq8a7DBZD9Qbpj66ZHuJ3pGAKxYlDJmIpHtcGnSrJPM1XGirfQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.242.13) smtp.rcpttodomain=ietf.org smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4r3O+Ht0IoQA5+/IgNO5TeY2hQK2Gr00fae/KvxXIqI=; b=jOiqpKN1JawlIbpsPcCQFXUDQEC769ONs4oE+pjlFVbF9fg7/XCzJTg6biwz8MTYcWixPK2Bkh+Bp8sC8BAC0sNesqHqxst3y6nvBQW488lrWHrnTrRMbLP3XS+QnDq5iureR04uBY6AcffDYKs/L7l5c8+qgnth/Y1TVUs82Gk=
Received: from DM5PR08CA0059.namprd08.prod.outlook.com (2603:10b6:4:60::48) by DM6PR05MB3993.namprd05.prod.outlook.com (2603:10b6:5:82::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.14; Thu, 1 Oct 2020 16:07:02 +0000
Received: from DM3NAM05FT006.eop-nam05.prod.protection.outlook.com (2603:10b6:4:60:cafe::ef) by DM5PR08CA0059.outlook.office365.com (2603:10b6:4:60::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.38 via Frontend Transport; Thu, 1 Oct 2020 16:07:02 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 66.129.242.13) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=oreject header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.242.13 as permitted sender)
Received: from P-EXFEND-EQX-02.jnpr.net (66.129.242.13) by DM3NAM05FT006.mail.protection.outlook.com (10.152.98.111) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3455.13 via Frontend Transport; Thu, 1 Oct 2020 16:07:02 +0000
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 1 Oct 2020 09:07:02 -0700
Received: from P-EXBEND-EQX-02.jnpr.net (10.104.8.53) by P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 1 Oct 2020 09:06:58 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-02.jnpr.net (10.104.8.53) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 1 Oct 2020 09:06:58 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [10.160.0.88]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 091G6vi6013666; Thu, 1 Oct 2020 09:06:57 -0700 (envelope-from mdb@juniper.net)
To: Hubert Kario <hkario@redhat.com>
CC: <curdle@ietf.org>
In-Reply-To: <0132f221-44c7-40f0-a4f8-134379f4c6e5@redhat.com>
References: <0132f221-44c7-40f0-a4f8-134379f4c6e5@redhat.com>
Comments: In-reply-to: Hubert Kario <hkario@redhat.com> message dated "Thu, 01 Oct 2020 16:50:29 +0200."
From: "Mark D. Baushke" <mdb@juniper.net>
X-Phone: +1 408 745-2952 (Office)
X-Mailer: MH-E 8.6+git; nmh 1.6; GNU Emacs 26.3
X-Face: #8D_6URD2G%vC.hzU<dI&#Y9szHj$'mGtUq&d=rXy^L$-=G_-LmZ^5!Fszk:yXZp$k\nTF? 8Up0!v/%1Q[(d?ES0mQW8dRCXi18gK)luJu)loHk, }4{Vi`yX?p?crF5o:LL{6#eiO:(E:YMxLXULB k|'a*EjN.B&L+[J!PhJ*aX0n:5/
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 1 Oct 2020 09:06:57 -0700
Message-ID: <8817.1601568417@eng-mail01.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: cbc59e79-d143-4566-ca68-08d8662408e2
X-MS-TrafficTypeDiagnostic: DM6PR05MB3993:
X-Microsoft-Antispam-PRVS: <DM6PR05MB3993ED28C1670A5276DF40E3BF300@DM6PR05MB3993.namprd05.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: t39VERHJ7WUGTfY0WTY2kwRPiiok4xt3t7/mM3xqRN5QdwglMGMs4wEyHZaGoWIo+I5vSIL+OQX7FdnSD3WJ6+OZFjSpBMgVVrQ53ZUwboytU286/Txe/e8MZ1noNR4TjXS/PZZhx6hL9Us8ufAWS7i64vIAUDukmHMRqdF/O6LELfmeDujrWLflQPQ+wm45YUMEvMmG/MgQpRQ3VqhRNCUVf8YqHEQrrvG4UkxbdSj/w++I9jPBgeKLu2Gob+6KnupoSabQuLwyBkzGYCCSZ2yeOnM4RpwTiieUQt9CZ0LHqa1k6ghnfLs2eqxEnY2LoyUidFdW/MTa0gPJSduUvE4GARBvSA9JStrI6lMt4ZDrIcbUepDG5Zhg9W63ygrSFh8zL+uTbE2MgasmvHrjD7IiLQVpVVPUwUoSldTbjChXm7OmAqm6R/4JJof9f+nmMPAHjFo/9tbUvHvNwV+Dc+h6xZjuIuSP3ynqgDijnAg=
X-Forefront-Antispam-Report: CIP:66.129.242.13; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:P-EXFEND-EQX-02.jnpr.net; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(4636009)(346002)(136003)(39860400002)(396003)(376002)(46966005)(6916009)(426003)(5660300002)(2906002)(336012)(70206006)(70586007)(7696005)(82740400003)(8936002)(86362001)(83080400001)(47076004)(478600001)(81166007)(8676002)(356005)(83380400001)(66574015)(82310400003)(15974865002)(4326008)(966005)(26005)(186003)(316002); DIR:OUT; SFP:1102;
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Oct 2020 16:07:02.5452 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: cbc59e79-d143-4566-ca68-08d8662408e2
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.242.13]; Helo=[P-EXFEND-EQX-02.jnpr.net]
X-MS-Exchange-CrossTenant-AuthSource: DM3NAM05FT006.eop-nam05.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB3993
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-10-01_05:2020-10-01, 2020-10-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 phishscore=0 mlxscore=0 spamscore=0 priorityscore=1501 impostorscore=0 suspectscore=0 lowpriorityscore=0 mlxlogscore=557 malwarescore=0 adultscore=0 clxscore=1011 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2010010134
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/hB_aijFQyfjFq3iPN46aLw1RXVY>
Subject: Re: [Curdle] Quantum Resistant SSH connections
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2020 16:07:09 -0000

Hi Hubert,

Hubert Kario <hkario@redhat.com> writes:

> Hi everybody,
> 
> As it's fairly easy, and common, to configure Kerberos infrastructure
> to be resistant against quantum computers, I'd like to submit a new
> key exchange for SSH that leverages that quantum resistance to make
> quantum resistant SSH connections.
> 
> While we have gssapi key exchange methods already defined, they all use
> FFDH
> or ECDH to derive the shared secret and use gssapi/Kerberos just to
> authenticate the other side, not for encrypt the transmitted keying
> material.
> 
> This new key exchange uses gssapi to transmit keying material
> and thus builds on quantum resistance of protocols like Kerberos.
> 
> Please check:
> https://tools.ietf.org/html/draft-kario-gss-qr-kex-00
> https://datatracker.ietf.org/doc/draft-kario-gss-qr-kex/
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purky┼łova 115, 612 00  Brno, Czech Republic

Thank you for the pointers.

Related to Quantum-Resistant and Quantum-Safe algorithms, you may find
these pointers useful as well:

There is a github project under an MIT licesnse:

    https://github.com/open-quantum-safe/liboqs

which provides for various Quantum-Safe cryptographic algorithms.

There is also a paper published last year:

    Prototyping post-quantum and hybrid key exchange and authentication in
    TLS and SSH
    by Eric Crockett and Christian Paquin and Douglas Stebila
    URL: https://eprint.iacr.org/2019/858

which may be of interest as a hybrid mechanism may be more acceptable as
a transition to PQ than a direct move for some implementers.

	Be safe, stay healthy,
	-- Mark