Re: [Curdle] I-D Action: draft-ietf-curdle-ssh-ed25519-ed448-01.txt

Daniel Migault <daniel.migault@ericsson.com> Mon, 06 August 2018 15:53 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
Date: Mon, 06 Aug 2018 11:53:03 -0400
To: "Mark D. Baushke" <mdb@juniper.net>
Cc: curdle <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/vAt_Flk4e2H6qZOj93lQEXU8G6c>

Hi,

In addition to Mark's comment, please find my review of the document.
Comments are indicative, so you may find better ways to address them than
what I suggest. Please update the next version by the end of August.

Yours,
Daniel






  Ed25519 and Ed 448 public key algorithms for the Secure Shell (SSH)
                                protocol
                 draft-ietf-curdle-ssh-ed25519-ed448-01

[...]
1.  Introduction

   Secure Shell (SSH) [RFC4251] is a secure remote-login protocol.  It
   provides for an extensible variety of public key algorithms for
   identifying servers and users to one another.  Ed25519 [RFC8032] is a
   digital signature system.  OpenSSH 6.5 [OpenSSH-6.5] introduced
   support for using Ed25519 for server and user authentication.
   Compatible support for Ed25519 has since been added to other SSH
   implementations. Ed448 [RFC8032] is another digital signature
   system.

<mglt>
I am reading the sentence "Compatible support" as variants, and as such the
current document may describe one or the other variant. I am not sure the
Ed448 sentence adds much information. I would rather propose the following
wording:

OLD:
 OpenSSH 6.5 [OpenSSH-6.5] introduced
   support for using Ed25519 for server and user authentication.
   Compatible support for Ed25519 has since been added to other SSH
   implementations. Ed448 [RFC8032] is another digital signature
   system.

NEW:

 OpenSSH 6.5 [OpenSSH-6.5] introduced
   support for using Ed25519 for server and user authentication and was
then followed by other implementations.
</mglt>

   This document describes the method implemented by OpenSSH and others,
   and formalizes its use of the name "ssh-ed25519".  Additionally, it
   also describes the use of Ed448 and formalizes its use of the name
   "ssh-ed448".

   [TO BE REMOVED: Please send comments on this draft to
   curdle@ietf.org.]

2.  Conventions Used in This Document
3.  Public Key Algorithm
4.  Public Key Format
5.  Signature Algorithm
6.  Signature Format
7.  Verification Algorithm
8.  SSHFP DNS resource records

<mglt>
The main purpose of this section is the IANA registration for the "SSHFP RR
Types for public key algorithms" registry. I would thus start the section as
follows:

Usage and generation of SSHFP DNS resource records is described in RFC 4255.
The generation of SSHFP resource records for "ssh-ed25519" keys is
described in [RFC7479]. This section illustrates the generation of SSHFP
resource records for "ssh-ed448" keys and the document specifies the
corresponding Ed448 code point to the "SSHFP RR Types for public key
algorithms" IANA registry.
</mglt>

   The generation of SSHFP resource records for "ssh-ed25519" keys is
   described in [RFC7479].

   The generation of SSHFP resource records for "ssh-ed448" keys is
   described as follows.





Harris & Velvindron      Expires January 3, 2019                [Page 3]

Internet-Draft               Ed25519 for SSH                   July 2018


   the SSHFP Resource Record for the Ed448 public key with SHA-256
   fingerprint would be example be: ssh.hackers.mu IN SSHFP 5 2 (
   a87f1b687ac0e57d2a081a2f2826723 34d90ed316d2b818ca9580ea384d924 01 )

<mglt>
Probably having the DNS in a figure would ease the reading.
I believe it would also be nice to have the key used to generate the
example.
5 is 'To be defined' TBD
Maybe it would be good to also indicate that 2 indicates the SHA2 as a
complete example. (rfc6594).
</mglt>

9.  IANA Considerations

   This document augments the Public Key Algorithm Names in [RFC4250],
   Section 4.6.2 [RFC4250].


   IANA is requested to add to the Public Key Algorithm Names registry
   [IANA-PKA] with the following entry:

<mglt>
It is also better to indicate the type of review. In this case the addition
of the code point requires an IETF review.
</mglt>
                   Public Key Algorithm Name Reference
                   ------------------------- ----------
                   ssh-ed25519               This Draft
                   ssh-ed448                 This Draft

   IANA must add the following entry to the "SSHFP RR Types for public
   key algorithms" registry:
<mglt>
"is requested" may be better ;-)
The registry got a Public Key Format column. This should also be mentioned
in this section.
</mglt>

   +-------+-------------+--------------+
   | Value | Description | Reference    |
   +-------+-------------+--------------+
   | 5     | Ed448       | [this-draft] |
   +-------+-------------+--------------+

   [TO BE REMOVED: This registration should take place at the following
   location:
   <http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-19>]

<mglt>
Maybe it would be good to have the URL as an informational reference. The
reference is for the previous registry (i.e. Public Key Algorithm name
reference).

The latest is
https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml

The review is also an IETF review.

Though 5 is the most likely value, it might be better to have it as TBD and
then suggest TBD to be 5 to the IANA.
</mglt>

10.  Security Considerations

   The security considerations in [RFC4251], Section 9 [RFC4251] apply
   to all SSH implementations, including those using Ed25519 and Ed448.

<mglt>
RFC6469 may also be referenced here.
</mglt>

   The security considerations in [RFC8032], Section 8 [RFC8032] apply
   to all uses of Ed25519 and Ed448 including those in SSH.



On Fri, Jul 6, 2018 at 5:43 PM, Mark D. Baushke <mdb@juniper.net> wrote:

> The https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-ed448-01
> looks better than the -00 revision.
>
> A very minor correction should be the table in section 9 which adds the
> SSHFP RR Type value 5 for "Ed448" for SSHFP RR Types for public key
> algorithms.
>
> I believe there should be an informative reference to [IANA-SSHFP]
> https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml#dns-sshfp-rr-parameters-1
>
> which is the IANA.ORG parameter table that should be updated.
>
>         Thank you,
>         -- Mark
>
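
How an SSHFP record like the one discussed under section 8 is derived from a key and checked against one, as an added example that is not part of the message above or of the draft. It assumes the key blob layout string "ssh-ed448" followed by string key (the draft's section 4 text is not shown on this page), uses the draft's proposed algorithm value 5, and the owner name `host.example.` and the sample key are constructed placeholders.

```python
import hashlib
import hmac
import struct

# SSHFP fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}
# Algorithm value 5 is what draft -01 proposes for Ed448; the review asks for TBD.
DRAFT_ED448_ALG = 5
# The record quoted from the draft in the message above.
PAGE_RECORD = ("ssh.hackers.mu IN SSHFP 5 2 ( a87f1b687ac0e57d2a081a2f2826723 "
               "34d90ed316d2b818ca9580ea384d924 01 )")
# Constructed 57-octet placeholder, not a real Ed448 public key.
SAMPLE_KEY = bytes(range(57))

def ssh_string(data):
    """SSH wire-format string: uint32 length followed by the bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def ed448_key_blob(raw_key):
    """Assumed key blob layout: string "ssh-ed448", string key (57 octets)."""
    if len(raw_key) != 57:
        raise ValueError("Ed448 public keys are 57 octets")
    return ssh_string(b"ssh-ed448") + ssh_string(raw_key)

def sshfp_record(owner, blob, alg=DRAFT_ED448_ALG, fp_type=2):
    """Hash the whole public key blob and format a presentation-form SSHFP RR."""
    return f"{owner} IN SSHFP {alg} {fp_type} {FP_HASHES[fp_type](blob).hexdigest()}"

def parse_sshfp(record):
    """Return (algorithm, fp_type, digest); reject unknown types and bad lengths."""
    fields = record.replace("(", " ").replace(")", " ").split()
    i = fields.index("SSHFP")
    alg, fp_type = int(fields[i + 1]), int(fields[i + 2])
    if fp_type not in FP_HASHES:
        raise ValueError(f"unknown fingerprint type {fp_type}")
    digest = bytes.fromhex("".join(fields[i + 3:]))
    if len(digest) != FP_HASHES[fp_type]().digest_size:
        raise ValueError("digest length does not match fingerprint type")
    return alg, fp_type, digest

def record_matches_key(record, blob):
    """True when the record's fingerprint equals the hash of the offered key blob."""
    _, fp_type, digest = parse_sshfp(record)
    return hmac.compare_digest(FP_HASHES[fp_type](blob).digest(), digest)

if __name__ == "__main__":
    blob = ed448_key_blob(SAMPLE_KEY)
    print(sshfp_record("host.example.", blob))
    print(parse_sshfp(PAGE_RECORD)[:2], record_matches_key(PAGE_RECORD, blob))
```

The draft's record parses as algorithm 5, fingerprint type 2, with a 32-octet digest, which is the SHA-256 length; without the key that produced it, the fingerprint itself cannot be checked.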