Re: [Curdle] Second AD Review: draft-ietf-curdle-ssh-curves.
"Mark D. Baushke" <mdb@juniper.net> Tue, 30 July 2019 22:23 UTC
To: Benjamin Kaduk <kaduk@mit.edu>
CC: draft-ietf-curdle-ssh-curves.all@ietf.org, curdle <curdle@ietf.org>
In-Reply-To: <20190730214702.GS47715@kduck.mit.edu>
References: <CABcZeBM1xaLR2RqYo8_VmO1ue2qr3rn_52MhSDHagKhNF-AYQA@mail.gmail.com> <20190730214702.GS47715@kduck.mit.edu>
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Tue, 30 Jul 2019 15:23:22 -0700
Message-ID: <31257.1564525402@contrail-ubm16-mdb.svec1.juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/oeVZ0wlmgdBkwQTfRNJ6vD9_l7M>
Benjamin Kaduk <kaduk@mit.edu> writes:
> I took over as responsible AD for this draft from Eric, but I don't
> see any response to this second round of review comments. Luckily there's
> not much left, so hopefully we can get a new rev out quickly and move the
> document forward.

I do owe the AD a response to the comments and a new draft. I regret
that other commitments have prevented me from this.

	-- Mark

> Thanks,
>
> Ben
>
> On Mon, Dec 24, 2018 at 02:16:24PM -0800, Eric Rescorla wrote:
> > Thanks for addressing my comments.
> >
> > IMPORTANT
> > S 3.
> >
> > >   received public keys are not the expected lengths, or if the
> > >   derived shared secret only consists of zero bits. No further
> > >   validation is required beyond what is discussed in [RFC7748].
> > >   The derived shared secret is 32 bytes when Curve25519 is used
> > >   and 56 bytes when Curve448 is used. The encodings of all
> > >   values are defined in [RFC7748]. The hash used is SHA-256 for
> > >   Curve25519 and SHA-512 for Curve448.
> >
> > This is true if you use the 7748 algorithm, but not necessarily
> > otherwise.
> >
> > Here is some OK language (from tcpcrypt)
> >
> >   Key-agreement schemes ECDHE-Curve25519 and ECDHE-Curve448 perform
> >   the Diffie-Hellman protocol using the functions X25519 and X448,
> >   respectively. Implementations SHOULD compute these functions
> >   using the algorithms described in [RFC7748]. When they do so,
> >   implementations MUST check whether the computed Diffie-Hellman
> >   shared secret is the all-zero value and abort if so, as described
> >   in Section 6 of [RFC7748]. Alternative implementations of these
> >   functions SHOULD abort when either input forces the shared secret
> >   to one of a small set of values, as discussed in Section 7 of
> >   [RFC7748].
> >
> > COMMENTS
> > S 1.
> > >   key exchange protocol described in [RFC4253] supports an extensible
> > >   set of methods. [RFC5656] describes how elliptic curves are
> > >   integrated in SSH, and this document reuses those protocol messages.
> > >
> > >   This document describes how to implement key exchange based on
> > >   Curve25519 and Ed448-Goldilocks [RFC7748] in SSH. For Curve25519
> >
> > 7748 calls this Curve448 and you do so later, so please be consistent.

	-- Mark
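The two checks discussed in the quoted Section 3 text (reject a peer public key that is not the expected length, and abort when the derived shared secret is all zero) are easy to get wrong in the order they are applied, so here is an added worked example; it is not code from the draft, from the thread, or from any SSH implementation. It carries the X25519 function from RFC 7748 Section 5 in plain Python (using the big-integer arithmetic, so it is not constant time and is for illustration only), then wraps it in a hypothetical helper named ssh_curve25519_shared_secret that performs the draft's checks on the raw 32-byte Q_C/Q_S value. The key pair and shared-secret values are the RFC 7748 Section 6.1 test vectors; the two rejected inputs are the order-2 and order-4 u-coordinates (0 and 1), which RFC 7748 Section 7 notes force an all-zero output.

```python
# Added example: RFC 7748 X25519 with the checks the curdle-ssh-curves
# draft requires on the SSH side. Not constant time (Python ints), so it
# is suitable for understanding the checks, not for a production client.

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")   # u = 9, the X25519 generator
CURVE25519_KEY_LEN = 32                  # expected length of Q_C / Q_S


def _decode_scalar(k: bytes) -> int:
    """RFC 7748 5: clamp the 32-byte scalar."""
    k_list = bytearray(k)
    k_list[0] &= 248
    k_list[31] &= 127
    k_list[31] |= 64
    return int.from_bytes(k_list, "little")


def _decode_u(u: bytes) -> int:
    """RFC 7748 5: mask the top bit of the u-coordinate, never reject it."""
    u_list = bytearray(u)
    u_list[31] &= 127
    return int.from_bytes(u_list, "little")


def _cswap(swap: int, a: int, b: int):
    # Arithmetic conditional swap as in RFC 7748 (mask is 0 or all ones).
    dummy = (0 - swap) & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 Section 5, bits = 255."""
    k_int = _decode_scalar(k)
    x_1 = _decode_u(u)
    x_2, z_2, x_3, z_3, swap = 1, 0, x_1, 1, 0
    for t in range(254, -1, -1):
        k_t = (k_int >> t) & 1
        swap ^= k_t
        x_2, x_3 = _cswap(swap, x_2, x_3)
        z_2, z_3 = _cswap(swap, z_2, z_3)
        swap = k_t
        a = (x_2 + z_2) % P
        aa = a * a % P
        b = (x_2 - z_2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x_3 + z_3) % P
        d = (x_3 - z_3) % P
        da = d * a % P
        cb = c * b % P
        x_3 = pow(da + cb, 2, P)
        z_3 = x_1 * pow(da - cb, 2, P) % P
        x_2 = aa * bb % P
        z_2 = e * (aa + A24 * e) % P
    x_2, x_3 = _cswap(swap, x_2, x_3)
    z_2, z_3 = _cswap(swap, z_2, z_3)
    return (x_2 * pow(z_2, P - 2, P) % P).to_bytes(32, "little")


def ssh_curve25519_shared_secret(my_private: bytes, peer_public: bytes) -> bytes:
    """Hypothetical helper: derive K for curve25519-sha256 with the draft's checks.

    1. The peer's Q value must be exactly 32 bytes (checked before any math).
    2. The derived secret must not be all zero (RFC 7748 Section 6).
    Both failures abort the exchange; the caller must disconnect.
    """
    if len(peer_public) != CURVE25519_KEY_LEN:
        raise ValueError("peer public key is not %d bytes" % CURVE25519_KEY_LEN)
    shared = x25519(my_private, peer_public)
    if shared == bytes(CURVE25519_KEY_LEN):
        raise ValueError("all-zero shared secret; peer sent a low-order point")
    return shared


# RFC 7748 Section 6.1 test vectors (Alice and Bob).
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
EXPECTED_SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def run_exchange() -> bytes:
    """Both sides derive K; returns Alice's copy after confirming Bob agrees."""
    alice_pub = x25519(ALICE_PRIV, BASEPOINT)
    bob_pub = x25519(BOB_PRIV, BASEPOINT)
    k_alice = ssh_curve25519_shared_secret(ALICE_PRIV, bob_pub)
    k_bob = ssh_curve25519_shared_secret(BOB_PRIV, alice_pub)
    assert k_alice == k_bob
    return k_alice


def rejects(peer_public: bytes) -> bool:
    """True if the checks abort on this (constructed) peer value."""
    try:
        ssh_curve25519_shared_secret(ALICE_PRIV, peer_public)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("K =", run_exchange().hex())
    for bad in (bytes(32), (1).to_bytes(32, "little"), b"\x09" * 31):
        print(len(bad), "bytes, rejected:", rejects(bad))
```

Note the ordering: the length check comes first, so a malformed Q value never reaches the ladder, and the zero check is applied to the raw X25519 output before it is encoded as the SSH mpint K. The check is on the function output, which is what makes Eric's point bite: an implementation that does not use the RFC 7748 algorithm may not produce the all-zero value on those inputs and then needs the Section 7 input rejection instead.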