Re: [Curdle] Genart last call review of draft-ietf-curdle-ssh-kex-sha2-14
"Mark D. Baushke" <mdb@juniper.net> Mon, 15 February 2021 18:54 UTC
To: Roni Even <ron.even.tlv@gmail.com>
CC: <gen-art@ietf.org>, <last-call@ietf.org>, <curdle@ietf.org>,
<draft-ietf-curdle-ssh-kex-sha2.all@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/zmdl7nLpwOGVlbAGSAFi24TUZ-A>

Hi Roni,

> Minor issues:
> It is not clear what the backward interoperability is, I noticed
> that only rsa1024-sha1 is deprecated. It would be good to add some
> text maybe in section 4 that will explain it and maybe have some
> recommendations for client and server side.

The simple answer is that because a server and client always present a
list of possible key exchanges to be negotiated, the loss of one or two
should not cause any interoperability issues.

The inclusion of the original diffie-hellman-group14-sha1 key exchange
name somewhere in the list or the new "MUST"
diffie-hellman-group14-sha256 key exchange should guarantee that
interoperability will be maintained.

Background for the reviewer:

The only Mandatory-to-Implement (MTI) Key Exchanges in any of the
current set of standards are specified in RFC 4253 Section 6.5 and are
these:

    diffie-hellman-group1-sha1 REQUIRED
    diffie-hellman-group14-sha1 REQUIRED

Additional key exchange methods may be added using the methods
provided in RFC 4250.

All of the other key exchange algorithms provided in other RFCs
are optionally added to the pool of possible key exchanges to be
implemented.

The existence of rsa1024-sha1 in RFC 4432 was not uniformly adopted
by implementations of the secure shell and the mitigation has always
been that the client and the server would offer the algorithms that
they are willing to accept. In fact, there are only a handful of
implementations supporting this key exchange.

This RFC deprecates the original two MTI key exchanges by moving
them from the "MUST" be implemented to "SHOULD NOT" and "MAY"
respectively and promoting diffie-hellman-group14-sha256 to the only
mandatory to implement algorithm.

Suggestion to the reviewer of replacement paragraphs before the table in
section 4 "Summary Guidance for Key Exchange Method Names Implementations":

This RFC provides guidance to users and implementors as to which key
exchanges are mandatory-to-implement (MTI) -- MUST be implemented,
as well as what current cryptographic key exchange methods SHOULD be
implemented and MAY be implemented.

The ordering of the default negotiation list is at the discretion of
the implementor with the ability of the local administrator to
configure the server in accordance with local policies and the users
to configure the client with key exchanges that meet their needs.

It is suggested that the MUST and SHOULD key exchange method names
come in the preference list before the SHOULD NOT and MUST NOT
names.

It is suggested that SHOULD NOT and MUST NOT key exchange method
names not be in the default negotiation list provided by
implementors, or that they be provided only at the very end of the
negotiation list.

It is suggested that the MUST NOT key exchange method code be
removed from any implementations using them.

The Implement column is the current recommendations of this RFC. Key
Exchange Method Names are listed alphabetically. This ordering is
not intended to be the order used in either the server or client
negotiation lists.

Please let me know if this addresses the issues raised. I wrote the
above rather quickly, so an editor's touch to make it easier to read may
be desirable.

Be safe, stay healthy,
-- Mark
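
Added example (not part of the message above and not code from the draft): a sketch of the list negotiation and the ordering guidance the message describes, useful for checking a configured key exchange list. The function names and sample lists are constructed for illustration, and negotiate() simplifies RFC 4253 Section 7.1 by ignoring the host key conditions.

```python
# Statuses for the three diffie-hellman names are as described in the message.
# rsa1024-sha1 is MUST NOT in RFC 9142 as published (the message only calls it
# deprecated). Names missing from this table are reported as UNLISTED.
GUIDANCE = {
    "diffie-hellman-group14-sha256": "MUST",
    "diffie-hellman-group14-sha1": "MAY",
    "diffie-hellman-group1-sha1": "SHOULD NOT",
    "rsa1024-sha1": "MUST NOT",
}
PREFERRED = {"MUST", "SHOULD"}
DISCOURAGED = {"SHOULD NOT", "MUST NOT"}


def status(name):
    return GUIDANCE.get(name, "UNLISTED")


def negotiate(client, server):
    """Return the first name on the client's list that the server also offers."""
    offered = set(server)
    return next((k for k in client if k in offered), None)


def audit(kex_list):
    """Check one preference list against the ordering suggestions in the message."""
    findings = []
    if not any(status(k) == "MUST" for k in kex_list):
        findings.append("missing MUST: diffie-hellman-group14-sha256")
    # Index of the last MUST/SHOULD name; discouraged names belong after it.
    last_pref = max((i for i, k in enumerate(kex_list)
                     if status(k) in PREFERRED), default=-1)
    for i, k in enumerate(kex_list):
        s = status(k)
        if s == "MUST NOT":
            findings.append(f"{k}: MUST NOT, remove")
        elif s in DISCOURAGED and i < last_pref:
            findings.append(f"{k}: {s} listed ahead of a MUST/SHOULD name")
    return findings


# Constructed sample lists (not taken from any real implementation).
LEGACY = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"]
UPDATED = ["diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"]
BAD_ORDER = ["diffie-hellman-group1-sha1", "rsa1024-sha1",
             "diffie-hellman-group14-sha256"]

if __name__ == "__main__":
    print("legacy client, updated server:", negotiate(LEGACY, UPDATED))
    print("updated client, legacy server:", negotiate(UPDATED, LEGACY))
    for finding in audit(BAD_ORDER):
        print("finding:", finding)
```

A legacy peer and an updated peer still agree on diffie-hellman-group14-sha1 in either direction, which is the interoperability point made in the message.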