Re: [Curdle] Multiple WGLC
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 18 March 2017 09:01 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B359124BFA for <curdle@ietfa.amsl.com>; Sat, 18 Mar 2017 02:01:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dauEQ2xFoQM2 for <curdle@ietfa.amsl.com>; Sat, 18 Mar 2017 02:01:09 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB0B4120724 for <curdle@ietf.org>; Sat, 18 Mar 2017 02:01:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1489827668; x=1521363668; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=AC/v8779tID/Eq8Jdipxsq2kjIodRuG7nw7QD09psyY=; b=bz+z1ShR/U8mnr5xoVcciHlEWWx2S/IY8c7i1CoMlPhJN1Iw0llxHxY1 ij0Bbf7xzNXtozDFnksxERbw7ZQtFeB4THv/LLzTHKtXyzuM/W11vEUFP PkT22ybG/Qo7r6o45G3BqH7R8QXZ7PTAMjX2xDdpsJBJl41uPjW3jZwPq FlojmQJFNFWQxX/qprzUweoKXTggqGmgxTv48P/n5FSKhwo+SoHZATiKw tksx5EbVULj0FHs3flITppgYFvsfugjmw1GlJEVCsmEd/nkZBR1MyNMwF KI41D3yjWUI7Q/mAnjsQQ6+3XQzPDw6IvUj5wjgN+LjO+YPp+ayzIcCgC A==;
X-IronPort-AV: E=Sophos;i="5.36,181,1486378800"; d="scan'208";a="143788723"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.2 - Outgoing - Outgoing
Received: from smtp.uoa.auckland.ac.nz (HELO uxcn13-tdc-a.UoA.auckland.ac.nz) ([10.6.3.2]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 18 Mar 2017 22:01:06 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-a.UoA.auckland.ac.nz (10.6.3.2) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Sat, 18 Mar 2017 22:01:05 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1178.000; Sat, 18 Mar 2017 22:01:05 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Daniel Migault <daniel.migault@ericsson.com>, curdle <curdle@ietf.org>
Thread-Topic: [Curdle] Multiple WGLC
Thread-Index: AdKcoRzefuKObAUvSL+sk19Vkzo63gDJMroH
Date: Sat, 18 Mar 2017 09:01:05 +0000
Message-ID: <1489827654266.43895@cs.auckland.ac.nz>
References: <2DD56D786E600F45AC6BDE7DA4E8A8C118BA5A70@eusaamb107.ericsson.se>
In-Reply-To: <2DD56D786E600F45AC6BDE7DA4E8A8C118BA5A70@eusaamb107.ericsson.se>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/mQIeUPvJ_0Rc6BTXACMuuhM2mmQ>
Subject: Re: [Curdle] Multiple WGLC
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Mar 2017 09:01:11 -0000
Daniel Migault <daniel.migault@ericsson.com> writes: >This emails starts a WGLC on the following drafts: > > - draft-ietf-curdle-rsa-sha2-03 [1] > - draft-ietf-curdle-ssh-ext-info-02 [2] > - draft-ietf-curdle-ssh-kex-sha2-05 [3] > - draft-ietf-curdle-ssh-modp-dh-sha2-02 [4] > >Please provide your comments by March 28 on the mailing list. draft-ietf-curdle-ssh-modp-dh-sha2-02: Section 5, "Many users seem to be interested in the perceived safety of using larger MODP groups and hashing with SHA2-based algorithms", should that text be there? It seems rather out of place, orphaned between Figure 2 and the References section. draft-ietf-curdle-ssh-ext-info-02.txt: Section 2.3, "This message is sent without delay", I'm not really sure what to do with this requirement, why would there be a delay, necessitating a need to say that it's sent without delay? Section 2.3: "and immediately after SSH_MSG_NEWKEYS", whose NEWKEYs? Logic would seem to indicate that it's after both sending and receiving NEWKEYs to confirm that the connection is secured, but the text is ambiguous. Section 2.4: "If the client sent "ext-info-c", the server MAY send, but is not obligated to send, an SSH_MSG_EXT_INFO message immediately before SSH_MSG_USERAUTH_SUCCESS, as defined in [RFC4252]", I've already commented on this before, this just seems weird, the client sends its SSH_MSG_USERAUTH_REQUEST and instead of getting back SSH_MSG_USERAUTH_SUCCESS or SSH_MSG_USERAUTH_FAILURE it gets this odd out-of-place extension message packed in front of the success/failure indication that it's actually interested in. Section 3.1, "a client SHALL NOT", given that the rest of the document uses MUST or SHOULD it'd be better to use that form as well here to save people having to look up whether MUST or SHOULD is intended. Section 3.2, "Former versions of this document defined extensions with names enumerated in this heading. These proposals are removed due to current lack of implementation", isn't that an oxymoron? If it's not in a published RFC, people will be reluctant to implement it, or enable it if it's implemented. I'm certainly ready to go with "no-flow-control", but haven't enabled it because I don't know what'll change, or break, before the spec is finalised. Peter.
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Eric Rescorla
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- [Curdle] Multiple WGLC Daniel Migault
- Re: [Curdle] Multiple WGLC Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Multiple WGLC Mark D. Baushke
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Benjamin Kaduk
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Eric Rescorla