[Curdle] Quantum Resistant SSH connections

Hubert Kario <hkario@redhat.com> Thu, 01 October 2020 14:50 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6932D3A10B9 for <curdle@ietfa.amsl.com>; Thu, 1 Oct 2020 07:50:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.297
X-Spam-Level:
X-Spam-Status: No, score=-3.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRZlZXQ4tjho for <curdle@ietfa.amsl.com>; Thu, 1 Oct 2020 07:50:57 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FB063A10AD for <curdle@ietf.org>; Thu, 1 Oct 2020 07:50:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1601563856; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=I5AloxZx/vxQv9dqJvbUiSW8phIoS+pKP+Snqvg/QNo=; b=cE4c0q9OnpkYRkCKMYMHsh+CQM6vbuCKL88pHvm+cKhEULc7u+TCmoOvQXMLaS+AojTDOE 4leL9c2WfUVQskhvu0taxdCFO0Jrqs4+7tquWOg6NfWGN7LdSt1UkGQORvgfjJh1wZ2I0N DiPlEUi6n0Gs+Dh1+9aSsdGwfVkK3OQ=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-287-GVF8mI5hNZyTZlqu8kng3A-1; Thu, 01 Oct 2020 10:50:32 -0400
X-MC-Unique: GVF8mI5hNZyTZlqu8kng3A-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D9A109CC03 for <curdle@ietf.org>; Thu, 1 Oct 2020 14:50:31 +0000 (UTC)
Received: from localhost (unknown [10.40.208.76]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 696381002C1C for <curdle@ietf.org>; Thu, 1 Oct 2020 14:50:31 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: <curdle@ietf.org>
Date: Thu, 01 Oct 2020 16:50:29 +0200
MIME-Version: 1.0
Message-ID: <0132f221-44c7-40f0-a4f8-134379f4c6e5@redhat.com>
Organization: Red Hat
User-Agent: Trojita/0.7-git; Qt/5.13.2; xcb; Linux; Fedora release 31 (Thirty One)
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=hkario@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/kwrZOlPAuOXGzHthz2UXX8OdPKI>
Subject: [Curdle] Quantum Resistant SSH connections
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2020 14:50:59 -0000

Hi everybody,

As it's fairly easy, and common, to configure Kerberos infrastructure to be
resistant against quantum computers, I'd like to submit a new key exchange
for SSH that leverages that quantum resistance to make quantum resistant 
SSH
connections.

While we have gssapi key exchange methods already defined, they all use 
FFDH
or ECDH to derive the shared secret and use gssapi/Kerberos just to
authenticate the other side, not for encrypt the transmitted keying 
material.

This new key exchange uses gssapi to transmit keying material
and thus builds on quantum resistance of protocols like Kerberos.

Please check:
https://tools.ietf.org/html/draft-kario-gss-qr-kex-00
https://datatracker.ietf.org/doc/draft-kario-gss-qr-kex/
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 115, 612 00  Brno, Czech Republic