Re: [Curdle] WG status and extension negotiation
Румен Петров <pkixssh@roumenpetrov.info> Tue, 02 May 2017 18:10 UTC
Return-Path: <pkixssh@roumenpetrov.info>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5281B129B5C for <curdle@ietfa.amsl.com>; Tue, 2 May 2017 11:10:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.1
X-Spam-Level:
X-Spam-Status: No, score=0.1 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ax_3csX-RPMv for <curdle@ietfa.amsl.com>; Tue, 2 May 2017 11:10:05 -0700 (PDT)
Received: from rila.superhosting.bg (rila.superhosting.bg [91.196.125.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B6CF129B7E for <curdle@ietf.org>; Tue, 2 May 2017 11:07:03 -0700 (PDT)
Received: from [78.128.48.21] (port=59826 helo=[192.168.0.10]) by rila.superhosting.bg with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.87) (envelope-from <pkixssh@roumenpetrov.info>) id 1d5cCR-0039rt-Vl for curdle@ietf.org; Tue, 02 May 2017 21:06:59 +0300
Message-ID: <5908CAC4.2010705@roumenpetrov.info>
Date: Tue, 02 May 2017 21:07:00 +0300
From: Румен Петров <pkixssh@roumenpetrov.info>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0 SeaMonkey/2.30
MIME-Version: 1.0
To: curdle <curdle@ietf.org>
References: <CADZyTkkd-JpsE89z=P10Y0esc1NCZydD5NqMTs8E5xUz-DMT_g@mail.gmail.com> <58F475B5.4090504@roumenpetrov.info> <CADPMZDBjgpzMKp1UJqWMC_xRZpfce=wOOsE51HwY2dEO73kKeA@mail.gmail.com> <CADPMZDBS3yFxWmioNRV+Vx-ThTPW636ydr1fz76vNP52DjAtZA@mail.gmail.com> <1778170c976e43569d34f051bba51f4c@ustx2ex-dag1mb1.msg.corp.akamai.com> <CADZyTknNkAWHUeqk-BQqYU_6jTGVgPurhqF7=Am7Xk7OT=D-gQ@mail.gmail.com> <CADZyTk=3pZb40upVHPuG8hYEWOCpu2hhdyBpiZ9t5+v2_AYzAQ@mail.gmail.com>
In-Reply-To: <CADZyTk=3pZb40upVHPuG8hYEWOCpu2hhdyBpiZ9t5+v2_AYzAQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - rila.superhosting.bg
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - roumenpetrov.info
X-Get-Message-Sender-Via: rila.superhosting.bg: authenticated_id: master78@roumenpetrov.info
X-Authenticated-Sender: rila.superhosting.bg: master78@roumenpetrov.info
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/pHmwg5EHQVbQVf-LONNJmmsrTco>
Subject: Re: [Curdle] WG status and extension negotiation
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 May 2017 18:10:08 -0000
Hi, I would like to split my comments in two parts. First part is about extension negotiation (draft-ietf-curdle-ssh-ext-info-nn.txt) and subject of this email. I'm author of PKIX-SSH secure shell implementation that support X.509 certificate based publickey and hostbased algorithms. Goal is to find way transparently to users to switch from legacy algorithms to rfc6187 one. Legacy algorithms as defined in draft-ietf-secsh-transport-12.txt (31 Jan. 2002) are - x509v3-sign-rsa and - x509v3-sign-dss . Algorithms that correspond to same key type defined in rfc6187 are - x509v3-ssh-rsa and - x509v3-ssh-dss . Currently x509v3-rsa2048-sha256 ( rfc6187) is out of my scope. Daniel Migault wrote: > Hi, > > So far we have not received many inputs and I would like to make sure we > understand Romen's concern. My understanding of the concerned raised by > Romen is that specifying signature algorithms may complexity the ways > Public Key Algorithm registries are designated. However it looks to me one > reason is that we are moving from implicit signature scheme to explicit > ones. > > Romen please re-state your issues with the draft, clearly expose the issues > as well as the alternate you would fine acceptable. Let review be example following case - secure token (smart-card), RSA key and associated X.509 certificate. Which publickey algorithm to in public key authentication without to probe all listed below? - (1) x509v3-sign-rsa (legacy) - (2) x509v3-ssh-rsa (rfc6187) - (3) x509v3-rsa2048-sha256 (rfc6187 if applicable, perhaps will be implemented in PKIX-SSH) - (4) ssh-rsa (rfc4253) - (5) rsa-sha2-256 (upcoming) - (6) rsa-sha2-512 (upcoming) To find suitable algorithm we could use "software version" field (see rfc4253 4.2. Protocol Version Exchange). This solution is possible but requires up-to date database with information for vendor, version and supported ssh features. For such solution maintenance cost is too high. Another solution id peers to inform each other for supported functionality. So "extension negotiation mechanism"fail into this category. Denis, author of extension negotiation propose "server-sig-algs". Until now ssh related documents define publickey algorithm - see rfc4252, chapter 7. Public Key Authentication Method: "publickey") and hostbased (same rfc) and format of key and signature in with triplet : (I) public key algorithm name in USERAUTH_REQUEST message (rfc4252) (II) certificate or public key format identifier (rfc4253) (III) signature format identifier (as specified by the public key/certificate format) (rfc4253) For algorithms (1), (2) and (4) the triplet is : (1) x509v3-sign-rsa / --- (!?!) / x509v3-sign-rsa (2) x509v3-ssh-rsa / x509v3-ssh-rsa / ssh-rsa (4) ssh-rsa / ssh-rsa / ssh-rsa As is visible identifier of signature algorithm overlap two publickey algorithm. To avoid ambiguities in PKIX-SSH 10.1 I implement new extension (a) /"publickey-algorithms@roumenpetrov.info"/ . Thus PKIX-SSH could list all algorithms from above (3* if implemented) as "public key algorithm name" in unique. As of today client will chose algorithm (1) but in the near future (perhaps next version) rfc6187 algorithm(2) will be preferred chose. Extension (b) "server-sig-algs" is also announced by PKIX-SSH but with restriction - list only algorithms whose name match identifier of signature. This exclude automatically rfc6187 but could be used for compatibility with implementation like Bitvise and OpenSSH as they supports "algorithms whose name match identifier of signature". In connection to those servers PKIX-SSH will chose algorithm (5). In connection to server without extensions - client will try (1) and if not accepted (4). Above is part of PKIX-SSH feature called "/adaptive public key algorithm selection"/ - an automatic process. Manual configurations that impact /public key algorithm selection is out of scope to this mail ./ In conclusion : extension negotiation mechanism is valuable solution to resolve case above if propose an extension that allows in unique way to chose triplet for USERAUTH_REQUEST message. > Yours, > Daniel > [SNIP] Regards, Roumen Petrov
- [Curdle] WG status Daniel Migault
- Re: [Curdle] WG status Румен Петров
- Re: [Curdle] WG status Румен Петров
- Re: [Curdle] WG status denis bider
- Re: [Curdle] WG status denis bider
- Re: [Curdle] WG status Румен Петров
- Re: [Curdle] WG status Salz, Rich
- Re: [Curdle] WG status Daniel Migault
- Re: [Curdle] WG status Daniel Migault
- Re: [Curdle] WG status Jim Schaad
- Re: [Curdle] WG status Damien Miller
- Re: [Curdle] WG status and extension negotiation Румен Петров
- Re: [Curdle] WG status and rsa-sha2 as public key… Румен Петров
- Re: [Curdle] WG status and rsa-sha2 as public key… Daniel Migault
- Re: [Curdle] WG status and rsa-sha2 as public key… Румен Петров
- Re: [Curdle] WG status and rsa-sha2 as public key… denis bider
- Re: [Curdle] WG status and rsa-sha2 as public key… Daniel Migault
- Re: [Curdle] WG status and rsa-sha2 as public key… Mark D. Baushke
- Re: [Curdle] WG status and rsa-sha2 as public key… Румен Петров
- Re: [Curdle] WG status and rsa-sha2 as public key… denis bider
- Re: [Curdle] WG status and rsa-sha2 as public key… denis bider
- Re: [Curdle] WG status and rsa-sha2 as public key… denis bider
- Re: [Curdle] WG status and rsa-sha2 as public key… denis bider
- Re: [Curdle] WG status and rsa-sha2 as public key… Daniel Migault