[saag] Re: Side-meeting at IETF120 on improving SSH
David Schinazi <dschinazi.ietf@gmail.com> Fri, 07 June 2024 17:49 UTC
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Fri, 07 Jun 2024 10:48:44 -0700
Message-ID: <CAPDSy+5v7D4ysnRxCD2y+3Zu1gCgtoomW1gwczTyH+eWj164iw@mail.gmail.com>
To: John Mattsson <john.mattsson@ericsson.com>
CC: "ssh@ietf.org" <ssh@ietf.org>, saag <saag@ietf.org>
Subject: [saag] Re: Side-meeting at IETF120 on improving SSH
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/3vXG68tROxpDNgc1nrEoKuJdH-E>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>

On Fri, Jun 7, 2024 at 1:50 AM John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:

> Hi,
>
> *François Michel wrote:*
>
> >We would like to gauge how many people would be interested in participating
>
> I would be interested in participating remotely.
>
> *David Schinazi wrote:*
>
> >I have a clarifying question for you. Does Ericsson maintain its own
> >implementation of SSH? Or do you use an open-source one?
> >I'm mainly curious in terms of gauging implementer interest, in addition to
> >deployments.
>
> Ericsson maintains one SSH implementation that is open-source. We use this
> in products written in Erlang (Ericsson language). Other products from
> Ericsson use various other SSH libraries, which may or may not be
> open-source.
>
> https://www.erlang.org/doc/apps/ssh/ssh.html

Thanks John, that's great to hear! I'm happy we have more implementations of SSH than the ones I knew about.

David

> *François Michel wrote:*
>
> >This follows a presentation of a proposal for SSH + HTTP/3 at IETF 119
>
> As I wrote on the SAAG mailing list after IETF 118, I think this is a
> good idea to explore. This would solve all the main problems I see with
> SSHv2 which is lack of formal verification, support of X.509, and alignment
> with TLS algorithms. Just like SSL 2.0 – TLS 1.2, SSHv2 is built on a
> very shaky ground.
>
> https://mailarchive.ietf.org/arch/msg/saag/2B6HlBCsH2Pt3WhusIDkgxCcac4/
>
> The SSHv2 protocol is in a weird spot where it is an IETF proposed standard
> but modern SSH has turned into a de-facto standard mostly controlled by
> OpenBSD's OpenSSH.
>
> Cheers,
>
> John