IETF Logo Mail Archive

Re: [Curdle] SSH/QUIC draft

Benjamin Kaduk <kaduk@mit.edu> Tue, 04 August 2020 21:40 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 183743A1189 for <curdle@ietfa.amsl.com>; Tue, 4 Aug 2020 14:40:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id blsT-Q6tc_KV for <curdle@ietfa.amsl.com>; Tue, 4 Aug 2020 14:40:47 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D30083A1163 for <curdle@ietf.org>; Tue, 4 Aug 2020 14:40:46 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 074LedaR001049 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 4 Aug 2020 17:40:41 -0400
Date: Tue, 04 Aug 2020 14:40:38 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: denis bider <denisbider.ietf@gmail.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, curdle <curdle@ietf.org>
Message-ID: <20200804214038.GV92412@kduck.mit.edu>
References: <CADPMZDDEYZ7aTv=NUY+4+BmMnN=JxFUHUwM7=SYq=EK5v_r1oA@mail.gmail.com> <20200711193524.GA239102@LK-Perkele-VII> <CADPMZDDz-_KDY1NbhakTkP3CKhCOTKGUzaQZHYA=nn+-8X7X2Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CADPMZDDz-_KDY1NbhakTkP3CKhCOTKGUzaQZHYA=nn+-8X7X2Q@mail.gmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/iHTRTd86-68SOWG4JgP1tgdy-OU>
Subject: Re: [Curdle] SSH/QUIC draft
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2020 21:40:48 -0000

On Sat, Jul 11, 2020 at 09:02:50PM -0500, denis bider wrote:
> Ilari:
> 
> 
> > I presume server authentication should be done using the TLS server
> certificate.
> 
> Server authentication needs to happen using existing SSH host keys with no
> change for users. Users should be able to update to new SSH software
> versions that support SSH/QUIC and everything should work out of the box
> without the user noticing a difference. Server admins may need to open a
> UDP port in the firewall, and that's it.
[...]
> 
> > For client authentication, one probably should use SSH-layer mechanisms
> 
> For client authentication, we use the exact same mechanisms currently used
> in SSH.  Anything less than "no change for the user" does not fly.

I'd be interested in hearing what (if anything) Ilari has to say about the
potential for cross-protocol attacks when reusing ssh host and client keys
for this related-but-not-exactly-the-same protocol.  On the face of it it
seems like something that "requires careful analysis" and quickly skimming
draft-bider-ssh-quic didn't give me enough context to be able to say
anything useful.

-Ben

v2.23.0 | Report a Bug | By Email