Re: [saag] SSH & Ntruprime

Simon Josefsson <simon@josefsson.org> Wed, 10 April 2024 20:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/C0Z8kEgeMZUs_S2Pw4i-4Hsx0hA>

Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org> writes:

> The normal IETF process is that change control is with the IETF. Would the
> draft authors be willing to make the changes recommended by the Crypto
> Panel?

Hi Paul,
If the IETF wants to move forward with this as a standard then certainly
change control belongs to the IETF, so speaking for myself: yes.  There
is a prototype for a new SSH key exchange mechanism based on the
stronger Chempat Hybrid PQ/T KEM and non-sntrup761 PQ algorithms in the
works, and others are working on different SSH KEX PQ designs.  If the
IETF has an interest in this work that discussion could be moved into
the IETF sphere, but given the attitude towards this effort I can't say
that I blame SSH people for low IETF participation.

> If not, what would be the reason for IETF to continue publication and
> lend its reputation to this then uncooperative team?

I believe you misunderstand the purpose of publishing this document, and
personally I feel sad that you imply we are uncooperative.  The point of
publication is to describe a protocol to allow interoperable
implementations and provide a stable reference with an established
errata process around it.  Developing another (incompatible) protocol is
possible, but orthogonal, and it takes interested parties.  Are you
volunteering to help this in the IETF?  Having people from the IETF
community facilitate SSH protocol work would be appreciated, and may
help to heal trust and increase likelihood of future collaboration.

/Simon