IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

Simon Josefsson <simon@josefsson.org> Tue, 26 March 2024 12:49 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2DB0C14CF0C; Tue, 26 Mar 2024 05:49:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="nkIVj6gq"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="SoVyubJs"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0g-spGiUCWHQ; Tue, 26 Mar 2024 05:49:06 -0700 (PDT)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA5B4C14CF09; Tue, 26 Mar 2024 05:49:03 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=DXWtH/+eO7RGQMVmdZdYc+h5ZKOVoTgvsRXGGfzSUhw=; t=1711457335; x=1712666935; b=nkIVj6gqXnU+p+V3OrxWYJsFy4Oy0sD3lH3PPvfQ4uQFx5CY1Mvs3wXfSnEz+pC5NkXbR1dQW34 RWyzGjzcODg==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=DXWtH/+eO7RGQMVmdZdYc+h5ZKOVoTgvsRXGGfzSUhw=; t=1711457335; x=1712666935; b=SoVyubJs3Z673fBHdkuwJpg/poGGopB4I8sW29q6ob8evtaX83ZgzE/gskWH7/VfQOUmhvn27T/ QJNDn0RIR+DGzFa6vcfCIW5DkYhWUUs3P6ZqC0uJMCDgMTi9T18FWG23e9D3DFxOZg3vbMerJSnu5 j/hrVTqq0eZz1+02dNY04Houj8alRBm+K7yVj4kSfpchuNqb6z9GHJkA/9W2K1rdae/u0Tx0WHEl1 N7HhOTgJOzExk7otOaQC7lwxZavfHsmL3Upzm3jxVLf6jM8/cpY7mxiuqff8Ucox17nqD/Vdsws9k nDuAbxEnonY/ULYvE0/WW9H/eo62c78KkMgSIcjNPmhApKAKOcu3FIGu4zbg/nm8XLbp4AM+nLpg7 qtri/JEcAO49BlLHxF9ozuuYx+5oVbhq8iqMaJyQrDlL+stl16t15nD20yV7h6ygHgmltPToc;
Received: from [2001:9b1:41ac:ff00:823f:5dff:fe09:16ac] (port=45516 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1rp6ET-006sTs-TV; Tue, 26 Mar 2024 12:48:49 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Eliot Lear <lear@lear.ch>, Mark D Baushke <mdb@sonic.net>, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>, saag <saag@ietf.org>
References: <CABcZeBPWjXvLh06-DBO3Z0sfeb2hgzqzaSZ-J2-TZ7qesrSraA@mail.gmail.com> <D0CD341B-523B-48A0-8954-EE7F89113241@aiven.io> <AF7B6F32-9EE6-4810-A99A-833DEA917FA9@sonic.net> <CABcZeBPfXQckpZageogUxTYgX2j_Nr_O3bvf-a-x0S_82BHMxg@mail.gmail.com> <079A0AA3-FA02-440F-ABA0-6AF897570E86@sonic.net> <CABcZeBOxfYR+=61DV1XN0F9nrmbzLR2zq_ZvADw4UUy1uFafzw@mail.gmail.com> <8caa2d4d-bc80-4fcf-b8bc-839052371730@lear.ch> <CABcZeBMABJ89T0qY0-9C3xxd=mFfGyCh7_9GKbEUBm6JtR+_ng@mail.gmail.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:23:240326:ekr@rtfm.com::m6ExA4FCAkZP4tra:8Nf
X-Hashcash: 1:23:240326:saag@ietf.org::smQBVOjU6CtloCrC:AjJg
X-Hashcash: 1:23:240326:mdb@sonic.net::0MsVmu7F27xo32B1:Y+pP
X-Hashcash: 1:23:240326:paul.wouters=40aiven.io@dmarc.ietf.org::fLsI1IV9VzRxd9Kb:0ICUq
X-Hashcash: 1:23:240326:lear@lear.ch::GEMIiLMH54Rbu+wr:0KBGy
Date: Tue, 26 Mar 2024 13:48:44 +0100
In-Reply-To: <CABcZeBMABJ89T0qY0-9C3xxd=mFfGyCh7_9GKbEUBm6JtR+_ng@mail.gmail.com> (Eric Rescorla's message of "Mon, 25 Mar 2024 06:46:30 -0700")
Message-ID: <87sf0dupjn.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/499t7RwTDQ82yaD0Jb_U0efK8sE>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2024 12:49:12 -0000

Eric Rescorla <ekr@rtfm.com> writes:

> Do you have any concrete examples of when an algorithm has been specified
> by ID and then someone has been confused about how to implement it?

I believe there are plenty of examples of that, with confusion
interacting at different levels between implementation, deployment and
early drafts.

Blocking publication of specifications for a protocol pending some
unspecified "future discussion" usually amount to eventually
documentating the infected community history; creating something else
that is incompatible; or giving up.  Some examples I recall myself:

* Protected EAP -- see
  https://en.wikipedia.org/wiki/Protected_Extensible_Authentication_Protocol
  for brief history that refers to some early draft specifications.
  Clarifying parts of the protocol in the draft led to effectively
  creating different protocol version, since implementers understood it
  in different ways.  Publishing as RFC was blocked even though is
  widely implemented and still in use.

* Early TLS channel bindings - some of the confusion is discussed in
  https://www.rfc-editor.org/rfc/rfc5929#section-1

* OpenPGP -- the crypto-refresh draft had early implementations that
  were deployed and the draft later changing, leading to having to bump
  code point allocation leading to the v4 vs v5 vs v6 community
  fracture.

For SSH there has been repeated poor communication between the SSH
implementer community and the IETF community, each side effectively
accusing the other of acting on bad faith and going down their own road.
I don't think this thread will improve that situation -- on the contrary
-- but it gives an illustration that there are still valid reasons for
this lack of co-operation, with people in the IETF acting to exclude
contributions.  I believe the quality of future SSH improvements in the
IETF is negatively affected as a result, with Internet users everywhere
hurt as a consequence.

/Simon

v2.23.0 | Report a Bug | By Email