Re: [Curdle] RFC 8308 on Extension Negotiation in the Secure Shell (SSH) Protocol

denis bider <> Thu, 22 March 2018 11:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 96D5E127873 for <>; Thu, 22 Mar 2018 04:55:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id b1UfB8jjuw3J for <>; Thu, 22 Mar 2018 04:55:16 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D5E3912420B for <>; Thu, 22 Mar 2018 04:55:15 -0700 (PDT)
Received: by with SMTP id h14so8813048qkj.11 for <>; Thu, 22 Mar 2018 04:55:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ugKfJ8DGxIu+CZfoaiMJ7laUKoX35mfMJM6gE+E7kfU=; b=ocTZ28z9kr7GZDsxDKLPosltYda/e5iHl2QFP1YH8IDMyLoDtX6lhwlhbHp2yjFQwi sB5eMrEkB9f8MBQeDTIGN91M+fNWGAlXMjisSr7qbclk4QodW1Bjo8iI4LF5W5a3rIJ6 +h3uEDwluL/sC+Y0b+yhkXqyukvsM3Dk/2EUfRG4ryrSSlV5YYWdtPvlQk8TZsgK4QJD HzERoeDQWnXUkShYu5RmONSjSprwo56iLBl5lEjl6NQMWqhyWtrC9AQQLEzk3cwA8WLl 2vnR3CR8rMZVSSdOVjRkeofFkfQaSuZS2aFSqKrzBPDen2o1LqhVP87+mthb/jcRCykQ CStA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ugKfJ8DGxIu+CZfoaiMJ7laUKoX35mfMJM6gE+E7kfU=; b=UmojZMIgga9rgwqGtI8kG90O83Id5tTguAm5MbHb4mXtX6aS/0VnKdtPpo4a3m+oTm qThesGT8WnbTbowRu59DepaLQ45YGnyCzVEL00tvYxyJ1QyzRRQFFYBg3blM9KaHtWi8 N/vcEhbR2NRwZyR2BNkRDvArxibLXg/5BKHVjbEkahappfqzLt1iaYjdpK8fhZV+avZL fRZ/xBA7jocJQ54TdKydYxfP/ci9LTvBCb3x6fmwCdh6w/jFp2VzjYeQ0tVvPoVJVHgR mFKU+JMzfv9HKJCmwGRdLfx7ZCKoOXRo+flbHAEcfRarNEnBK3wiVYiRDrI72iUwb5eh A8VA==
X-Gm-Message-State: AElRT7EfYehPU5xo3uRSvLqX5OhU+CSj3QpWHD5v4gex9fRMF9Kp0/t7 XY1Ik/ysZfQwzQ2tK6hd5+ZU+C9TEWRFS1sFcIE=
X-Google-Smtp-Source: AG47ELtQvo+ISMpUK/02oODcj6/ljgAJ3UHwwW47kFC/yxZ4dYu48JNawdh5YfiCItef4Au9niBUE9neXlQAp42OHfk=
X-Received: by with SMTP id p62mr34090469qka.74.1521719714986; Thu, 22 Mar 2018 04:55:14 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Thu, 22 Mar 2018 04:55:14 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <>
From: denis bider <>
Date: Thu, 22 Mar 2018 06:55:14 -0500
Message-ID: <>
To: Peter Gutmann <>
Cc: "" <>
Content-Type: multipart/alternative; boundary="001a114ab6f60f4cd10567fefbb8"
Archived-At: <>
Subject: Re: [Curdle] RFC 8308 on Extension Negotiation in the Secure Shell (SSH) Protocol
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 22 Mar 2018 11:55:17 -0000

Those sound like good ideas. I would like more people to try that. :)

If you want to test with Bitvise SSH Server, you can download it free of
charge from our website. It's easy to set up if you have a Windows
computer. You can also access it already set up here:

Port: 10739
User: test
Pass: test

If you want to test RSA authentication, the server will provide
instructions in the SSH authentication banner, or you can find them in
Welcome.txt after you are logged in.

If you want to test Bitvise SSH Client, you can also download it free of
charge from our website. It can be used free of cost in any environment.
You just need a Windows installation.

The real juice however would be in testing other implementations. I would
suggest setting up and trying the latest OpenSSH versions, both server and

On Thu, Mar 22, 2018 at 5:13 AM, Peter Gutmann <>

> denis bider <> writes:
> >Where I'm less comfortable is the hinges that are not yet widely
> deployed. As
> >long as a hinge is not in common use, it is in danger of rusting. These
> hinges
> >include:
> >
> >- EXT_INFO sent by client (only server sends it for "server-sig-algs").
> >- Extensions with binary extension-value (for example
> "delay-compression").
> I was going to try sending in extensions with undefined values, and binary
> data embdded in them, to see what happens.  If it's the same as previous,
> in
> some instances inadvertent, cases of sending unexpected data values then I
> expect all sorts of fireworks.
> >EXT_INFO with the "server-sig-algs" extension is widely deployed. It's
> well
> >tested with rsa-sha2-256 and rsa-sha2-512 signatures, and I have no
> concerns
> >about it. As far as I know, there are no compatibility issues to be
> >experienced by an implementation that follows the just-published spec.
> OK, that's good to know.
> Peter.