Re: [Curdle] Comments on draft-ietf-curdle-ssh-ext-info
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 06 April 2017 12:04 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B90141201F8 for <curdle@ietfa.amsl.com>; Thu, 6 Apr 2017 05:04:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F0gOhNVc88CW for <curdle@ietfa.amsl.com>; Thu, 6 Apr 2017 05:04:34 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 798D7129461 for <curdle@ietf.org>; Thu, 6 Apr 2017 05:04:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1491480272; x=1523016272; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=jaMUm5N8h0r2ijyIddZmeQ9NtMuejgE72S1uYjtN+k8=; b=t1bVnPy04SobfM8dsWGvK07Yml7eJNLf+ohg3qt0BazZLPsYUPQZTW0o yFL8xmehSNdwZdM8EbRBTWpT8Pw632o+0z2cyVxWTp48OvUo813dxOGj0 s3O1YP7AAGO3cB9HFXmqbz7twMuUc3yDZX4yZFcAIjLRac5mihttsgYs/ TpaiRL4r2NRGS741xJJ+NhIyYrnBWrfoTWLms/sXFywORTAiCUfXCxEH/ 3ymlC4YjjYGKyRENJgMKsiDQy2yzcVkNwqJdmyWovEccTf87x8Z06k8uU uYMYaSQPMAtWjUy5/4BDC72fh5tRW2TTo5kRYqa1LJD29e7dMCMiyjSgM A==;
X-IronPort-AV: E=Sophos;i="5.37,159,1488798000"; d="scan'208";a="148258507"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.8 - Outgoing - Outgoing
Received: from uxcn13-ogg-e.uoa.auckland.ac.nz ([10.6.2.8]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 07 Apr 2017 00:04:29 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-e.UoA.auckland.ac.nz (10.6.2.8) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 7 Apr 2017 00:04:28 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Fri, 7 Apr 2017 00:04:28 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>, Daniel Migault <daniel.migault@ericsson.com>, curdle <curdle@ietf.org>
Thread-Topic: [Curdle] Comments on draft-ietf-curdle-ssh-ext-info
Thread-Index: AQHSn+vj75AP59wDbUy5ryRiOFPQYKGb4DhQgAWgX4CAA91Jyf//yxWAgBMy0Xk=
Date: Thu, 06 Apr 2017 12:04:27 +0000
Message-ID: <1491480250094.74577@cs.auckland.ac.nz>
References: <2DD56D786E600F45AC6BDE7DA4E8A8C118BA5A70@eusaamb107.ericsson.se> <1489827654266.43895@cs.auckland.ac.nz>, <50977E6A3D174856B8DAF264C3CB81E8@Khan> <1489914378158.63423@cs.auckland.ac.nz>, <74B4C5B2AFD644748A0E1B0957A22C96@Khan> <1490436136828.60577@cs.auckland.ac.nz>, <76BA84F1D47F476A8DB5C8CC42AA1B57@Khan>
In-Reply-To: <76BA84F1D47F476A8DB5C8CC42AA1B57@Khan>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/xaWIVXeI6wrTeUyHahNIFcku4Ok>
Subject: Re: [Curdle] Comments on draft-ietf-curdle-ssh-ext-info
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 12:04:37 -0000
denis bider (Bitvise) <ietf-ssh3@denisbider.com> writes: >Can you point out some of these subtle problems that could occur in this >regard in SSH? I was thinking of the problem that it's essentially impossible to safely do n- RTT, n < 1, for TLS, which meant that doing the same thing for SSH wasn't going to be any better. I was reasoning by analogy from TLS rather than sitting down and drawing diagrams for SSH to try and figure out all the possible issues. >Under the assumption that such an extension were defined, can you point out >at least one way that sending this info right after NEWKEYS can help an >attacker? It depends on the extension. Without one defined, there's no way to tell at the moment. I could invent something that works out badly, but that'd be creating a strawman... my concern is that in the future someone may define a problematic extension without realising that they're creating a problem. Perhaps adding an implementation note to say that at this point the crypto hasn't been confirmed yet and so you may want to be careful about what you put into your extension data would be useful? >But the extension value field is generically a string (it must be same type >for all extensions, so unsupported extensions can be decoded and ignored). >"p" and "s" are therefore fitting ways to express this boolean. Wouldn't "true" and "false" be a better way to express a boolean? I realise this is kinda bikeshedding, but having to look up the spec just to figure out what mysterious magic values in a boolean field specify seems a bit awkward. >Properly implemented flow control is superior. However, this extension is a >nod to that not everyone will be using an SSH library that does this right, >and "no-flow-control" is a better option if your needs are simple, and you >don't have a few years to get this right. Given that there are a nonzero number of implementations that send a window size of ~0 to indicate no flow control, it may be useful to add an implementation note to point this out. I enabled some diagnostic code to throw an exception in my code if it found this from another implementation (other than mine) and got, uh, feedback from beta-testers about it, so at least some implementations are using a pseudo-infinite window size to indicate no flow control. I'm not saying it should be adopted as an alternative to "no-flow-control", but merely to alert implementers about the practice, e.g. a certain big iron vendor whose device would crash and reboot as it tried to allocate ~0 bytes of memory to match the widow size. Peter.
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Eric Rescorla
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- [Curdle] Multiple WGLC Daniel Migault
- Re: [Curdle] Multiple WGLC Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Multiple WGLC Mark D. Baushke
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Benjamin Kaduk
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider (Bitvise)
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Peter Gutmann
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… denis bider
- Re: [Curdle] Comments on draft-ietf-curdle-ssh-ex… Eric Rescorla