IETF Logo Mail Archive

Re: [Curdle] Ben Campbell's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)

denis bider <denisbider.ietf@gmail.com> Thu, 14 September 2017 04:47 UTC

Return-Path: <denisbider.ietf@gmail.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F29112895E; Wed, 13 Sep 2017 21:47:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dv9V_0G5AuHa; Wed, 13 Sep 2017 21:47:11 -0700 (PDT)
Received: from mail-lf0-x235.google.com (mail-lf0-x235.google.com [IPv6:2a00:1450:4010:c07::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C25A12422F; Wed, 13 Sep 2017 21:47:11 -0700 (PDT)
Received: by mail-lf0-x235.google.com with SMTP id l196so5406291lfl.1; Wed, 13 Sep 2017 21:47:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XkL75XMMIh1LdemtSHIdSrnsH4pV614FqK9x025K5ro=; b=hwlRUTMzYcwcKoJsuNbb2R61cRfupUY17DoZqmP2qq1IzZJeWLhGJ7aF/t97R8pi+Q Ah9vHlz/OtaiBZWrpf9A7JqiW8pKEGPq/9p0rs8xMWHLFj0Py8NgqiL+MJgGWQtWXrff S9jyLoSjxwDFm1w3PE4Pgm3OCxMe4Hl6GYNNU8Uk9FMNtrIlmqWhlm6rLbzNRDhkrAn+ i3OLuaYMX991YQ3KtCu5CIw3zJ+Bv/UrNMi9J9VmnmMLFf/vEYlPqbgVJW9ttOmv4Mv1 1mwAR88G4pR3x8aZ3wtRwvZJKJuYPM4xPFGwLJ/m6FbgjavONChPwUtCFLVcrbaIpZdl i+yQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XkL75XMMIh1LdemtSHIdSrnsH4pV614FqK9x025K5ro=; b=drX/nPk62kZu23PQf6NRiZewL9BPHHQ8W3ktx8x5RW4xPpnh8gOTvmocosrBuNv5mZ sX2T5Kqjzl6BBSeWE7kBQHZUYWRnlycTiw9wH2iS10GLRN477/bzHLz9fF++iYQCS4Vy ncxlXAuPNe2PkRoWndWSK6GyY0SCmUtMu7IwgtU8mEXfL97sTD/iahm/vqLHUfBNftq7 0dHvoz6MKTknvqC1a5PP7zKaZj3N5wMdDEx8SNM3td8RGtjMUHfKcTXUXGPAtEpg+uQ/ WuaUyyFr0hcUU3ZuxeFFfd1QMSvUiF9gfWfx7r6THS5JiDSLeBSyQiyY0Wr3lXrc5AkU nJcA==
X-Gm-Message-State: AHPjjUgVl+3pG9LTbgxxlEZjUWrWcvDKW4731t6kYBGePHXnuPY8FXgj CCwO+aHNT1VEuocE5UeZVVw6E+eBMJti7WA2g/M+Rw==
X-Google-Smtp-Source: AOwi7QC9OD90wPdyWLEFWQ8mYcI8RcZnZv2qAxTtGB9xNzU2hfqikpZT9FrWHDN3dDnC1GkRSt1GjNMhyGia8Rvv5wg=
X-Received: by 10.46.88.20 with SMTP id m20mr1822071ljb.72.1505364429469; Wed, 13 Sep 2017 21:47:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.179.27.209 with HTTP; Wed, 13 Sep 2017 21:47:08 -0700 (PDT)
In-Reply-To: <255F9E42-377B-43AF-AFA1-B67C9BC0F714@nostrum.com>
References: <150533102741.30467.13878869431655356929.idtracker@ietfa.amsl.com> <CADPMZDD1ApUzELbNcG-WM3-EoSxGNppWP6mA6FoFr1Ga=a7x8A@mail.gmail.com> <255F9E42-377B-43AF-AFA1-B67C9BC0F714@nostrum.com>
From: denis bider <denisbider.ietf@gmail.com>
Date: Wed, 13 Sep 2017 22:47:08 -0600
Message-ID: <CADPMZDB7nS19=vzkaGa3uKnh4DSxEOVstNhopURLGMrGWXRxYQ@mail.gmail.com>
To: Ben Campbell <ben@nostrum.com>
Cc: The IESG <iesg@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs <curdle-chairs@ietf.org>, curdle <curdle@ietf.org>, draft-ietf-curdle-ssh-ext-info@ietf.org
Content-Type: multipart/alternative; boundary="f4030438d534137d0605591ef889"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/yI0E-ngQBSC-Ndzt6ZkMyWnEmvI>
Subject: Re: [Curdle] Ben Campbell's Discuss on draft-ietf-curdle-ssh-ext-info-12: (with DISCUSS and COMMENT)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2017 04:47:14 -0000

> I do not see a response to my comment on the “*” note in section 2.4.
> Did that change as part of the rewrite of that section that you mention
below?

Aye, sorry for not mentioning that. Most of the text was kept, but it was
slightly rearranged. The sentence containing the inappropriate MUST was
replaced with:

"The timing of the second opportunity is chosen for the following reasons."


> Don’t get me started on center embedding in English :-)

:D


> The issue is redundant normative language, where it becomes
> ambiguous which piece of text is authoritative.

Aye - it does violate the one-definition rule.

I have changed the first mention as follows:

"Implementers' attention is called to Section 2.5., in particular the
requirement to tolerate any sequence of bytes - including null bytes at any
position - in an unknown extension's extension-value."


I have previously contemplated whether to add explicit mention of the
OpenSSH behavior up to 7.5. On the one hand, it is poor practice to
reference individual implementations. But on the other hand, this is a
widespread implementation that everyone will want to interoperate with. If
we provide no guidance about how to handle this bug, it will throw
implementers for a spin, and worse, the compatibility workarounds may not
be ideal. (E.g. people may avoid sending binary extension-values to ANY
version of OpenSSH, instead of just versions up to 7.5.)

For this reason, I have provisionally added the following section under the
"delay-compression" extension:


3.2.3.  Compatibility Note: OpenSSH up to 7.5

  This extension uses a binary extension-value encoding. OpenSSH clients
  up to and including version 7.5 advertise support to receive
  SSH_MSG_EXT_INFO, but disconnect on receipt of an extension-value
  containing null bytes. This is an error fixed in OpenSSH version 7.6.

  Implementations that wish to interoperate with OpenSSH 7.5 and earlier
  are advised to check the remote party's SSH version string, and omit
  this extension if an affected version is detected. Affected versions
  do not implement this extension, so there is no harm in omitting it.
  The extension SHOULD NOT be omitted if the detected OpenSSH version is
  7.6 or higher. This would make it harder for the OpenSSH project to
  implement this extension in a higher version, if they so choose.


This might be unusual, but since the bug exists in current versions, it
will stay relevant for 5+ years. I think it may be worthwhile to ensure
everyone's workarounds are consistent.

The alternative would be to change the spec to disallow binary
extension-values, but I think this is long-term inferior (especially since
OpenSSH has committed to fixing the bug).

denis






On Wed, Sep 13, 2017 at 10:22 PM, Ben Campbell <ben@nostrum.com> wrote:

> Hi,
>
> Thanks for the response. Comments inline. I deleted sections that do not
> seem to need further discussion.
>
> I do not see a response to my comment on the “*” note in section 2.4. Did
> that change as part of the rewrite of that section that you mention below?
>
> Thanks!
>
> Ben.
>
>
> > On Sep 13, 2017, at 11:05 PM, denis bider <denisbider.ietf@gmail.com>
> wrote:
> >
> > > I don't think allowing specific extensions
> > > to add ordering requirement works.
> >
> > OK, fair point.
> >
> > That makes two votes against this. There is currently no known extension
> that needs this, and if one does arise, there exist other possible
> approaches for what is required. I have removed.
>
> Thanks! I will clear my discuss.
>
> […]
>
> >
> >
> > > -2.1, first paragraph: "Applications implementing this mechanism
> > > MUST add to the field "kex_algorithms", in their KEXINIT packet
> > > sent for the first key exchange, one of the following indicator names:"
> > > That's hard to parse.
> >
> > I'm guessing you're not a German speaker. :)
>
> Don’t get me started on center embedding in English :-)
>
> > The issue raised here seems to be that one needs to read to the end of
> the sentence to fully understand what is being added ("one of the following
> indicator names").
> >
> > No problem, rearranged sentence.
> >
> >
> > > -2.5, 2nd to last paragraph: "... applications MUST tolerate
> > > any sequence of bytes; including null bytes at any position;
> > > in an unknown extension’s extension-value."
> > > Redundant to similar normative statement in 2.3.
> >
> > Aye, this is redundant on purpose. If this is not followed, it is
> devastating to compatibility. OpenSSH in particular has this issue in
> currently released versions (including 7.5, the latest). They stated
> they'll fix this for 7.6, but a workaround is required to NOT send
> extension-values containing null bytes to OpenSSH servers.
> >
> > The bug is not on purpose, it's because they have multiple functions to
> decode an SSH string - some that allow for binary data, some that don't.
> They accidentally used the one that doesn't allow binary data to decode
> extension-values.
> >
> > That's bad - and easy to proliferate as long as the most commonly used
> extensions don't exercise binary data. Fortunately, OpenSSH doesn't hide
> its version string, so the compatibility workaround is straightforward.
> That's not the case for all implementations.
> >
> > This is super important not to miss. The spec is somewhat big, and
> implementers might read one part at one time, and another part at another.
> I would prefer that this is not missed by anyone.
>
> I have no objection to reinforcing a requirement. The issue is redundant
> normative language, where it becomes ambiguous which piece of text is
> authoritative. It’s not a real issue here because the statements are
> consistent (which is why I marked that as “editorial”. ), but it can become
> a maintenance issue in the future if the resulting RFC is updated or
> obsoleted.
>
> So my suggestion, which you can freely ignore, is to change one of the
> occurrences to use descriptive (that is, non 2119)  language.
>
> >
> > denis
> >
> >
> >
> > On Wed, Sep 13, 2017 at 1:30 PM, Ben Campbell <ben@nostrum.com> wrote:
> > Ben Campbell has entered the following ballot position for
> > draft-ietf-curdle-ssh-ext-info-12: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.
> html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-ext-info/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > I plan to ballot "yes", but I want to discuss one point first. Alexey
> mentioned
> > this in his comments, but I think it's discuss worthy. Hopefully it's an
> easy
> > fix, and it may well be because I've missed something obvious. If people
> think
> > it really, really needs to be this way, I will clear--but I want to
> discuss it
> > first:
> >
> > - 2.5: The relative order in which extensions appear in an
> >   EXT_INFO message MUST be ignored by default; but an extension MAY
> >   specify that the order matters for that extension, in a specific way.
> >
> > I don't think allowing specific extensions to add ordering requirement
> works.
> > It opens up the possibility of incompatible ordering requirements across
> > extensions. As far as I can tell, the only control over this is the "IETF
> > Consensus" requirement for adding new extensions. I'm open to arguments
> that
> > this is good enough, but my knee-jerk response is that it puts an undue
> burden
> > on the consensus process for little return.
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Substantive:
> >
> > -2.3: "This message is sent immediately after SSH_MSG_NEWKEYS, without
> delay."
> > That seems to be contradicted in section 2.4, which talks about two other
> > potential times.
> >
> > -2.4, last paragraph (asterisk note): "The message MUST be sent at this
> point
> > for the following reasons:" That's a confusing use of MUST. Do you mean
> that
> > the message MUST NOT be sent unless the reasons are true? Or that if the
> > reasons are true, the message MUST be sent? Or is this just a statement
> of
> > fact, in which case the 2119 keyword is not appropriate?
> >
> > -2.5, 2nd paragraph: "or it MAY be sufficient that only one party
> includes it"
> > That seems like a statement of fact rather than a grant of permission.
> If so,
> > the 2119 MAY is not appropriate.
> >
> > Editorial:
> >
> > -2.1, first paragraph: "Applications implementing this mechanism MUST
> add to
> > the field
> >   "kex_algorithms", in their KEXINIT packet sent for the first key
> >   exchange, one of the following indicator names:"
> >
> > That's hard to parse.  Suggestion:
> > "Applications implementing this mechanism MUST add one of the
> >  following indicator names to the "kex_algorithms" field for the first
> >  key exchange:"
> >
> > -2.5, 2nd to last paragraph: "... applications MUST
> >   tolerate any sequence of bytes; including null bytes at any position;
> >   in an unknown extension’s extension-value."
> >
> > Redundant to similar normative statement in 2.3.
> >
> >
> > _______________________________________________
> > Curdle mailing list
> > Curdle@ietf.org
> > https://www.ietf.org/mailman/listinfo/curdle
> >
>
>

v2.23.0 | Report a Bug | By Email