IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 11 April 2024 01:06 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A999C14F6A5 for <saag@ietfa.amsl.com>; Wed, 10 Apr 2024 18:06:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.999
X-Spam-Level:
X-Spam-Status: No, score=-6.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xCNDz83b1-9H for <saag@ietfa.amsl.com>; Wed, 10 Apr 2024 18:06:30 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on2095.outbound.protection.outlook.com [40.107.8.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18BE4C14F694 for <saag@ietf.org>; Wed, 10 Apr 2024 18:06:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VWAUGDbDeDaquabzdICtS09U7hFk1awmD71BqQWFZ2gOIksz2dt2mqPOevGCvksrvjRC6ls0sy1U0jtHTMeJaN5GD2Y2e7EHq06D63uv1tgSTnbVTqJ46h2LTAdRikrGOgMGcuDYANqPJ9WuJTiiFUnhiaGehvdSk0vJVYivFg4X+B9Tap66+yJClMN1aPBrLQKozXOdReH5ppx3HuE2ttI2XOgiCAdlRCm7ZC5J3MjmgkkqESHSCXh9lKYEV+9GE8DIwK4gnMr0c8IV53xAxIuohwG2S33FPl5i7DcuoBU48FEMJT6p0Qvn1COIu7Prdl1up3UInPH8CDZqm02yUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4Kk1QinEi4hWCw1SPFUl/djaT9+2IKYXhr9x3UIXnj0=; b=KbMJUaqcFvLjM7m/Loz39bnU3bI0Fkha8025GWiy+aPjZc7+98qy1LlgmjgUfLW924An3JJnd/XwgUfzluwreMfEH5RgiWtdzc5nC7ULnqnXrlIPzd5VMnjgq7uG0FISx0Qaz23EN+pQGZLVoJAz+Jt+PQRqYsNRy1ci9jn5HI98TT936HbpMRJtpyxgTgj8r/sNyHTco2R/q33wrTKowC9dakcr64YP7ShR3aEv7PcxHJsoqAz/dcAm3mxoZ4RyDbQanDK5G/C/57nWV2blo401hCCmOXAzNzAvPzQmSDCW3kli8CBk709ltRwLvDyhStRuwat7xKtoXZyd38FImg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4Kk1QinEi4hWCw1SPFUl/djaT9+2IKYXhr9x3UIXnj0=; b=sJPaAkw8HA/7z3KJf5o6+9ZznUYyNuEa+QJvoXn3AfkPiUE17fbB2EcfG0zj4J4W51ae8Br6iD8SD+pmsL27lKV2HWZ/94Q+ouV5DglgP0xAd1hQwzyPI4Ke0ttsdfxe2WKZMwIjY0wM6i2/dpalNJHSp/uxWDvOPZttDw28rALAmg4AJcBY83PHZREu84Jkw9p/cSt6H58Ri/pYdJGWqhM5cDN3unRKWWeqmzbPXiHEFQGGJPnVijvaeGtEDY0gXaNOMGYE/udyF+SYAmWt8nTuBMZ9CUV1aoQJRuK4j2mPMfjby06+w5FiO+or8jzS4s8DJ7g6fmCyaywyAiDgTA==
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by PAWPR02MB9760.eurprd02.prod.outlook.com (2603:10a6:102:2f2::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Thu, 11 Apr 2024 01:06:26 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4421:1ca6:59b4:20c9]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4421:1ca6:59b4:20c9%7]) with mapi id 15.20.7409.053; Thu, 11 Apr 2024 01:06:26 +0000
Message-ID: <3bef7fff-6a84-42ba-a2ee-a5e6bd60c816@cs.tcd.ie>
Date: Thu, 11 Apr 2024 02:06:24 +0100
User-Agent: Mozilla Thunderbird
To: Michael StJohns <msj@nthpermutation.com>, Eric Rescorla <ekr@rtfm.com>
Cc: saag@ietf.org
References: <05D73B77-ECFB-43E9-A2A8-00D46F63FC32@aiven.io> <20240405162821.1801419.qmail@cr.yp.to> <CAGL5yWaJXRDyiQ=w2XJcoFhCQ3JDriqO+jAcOKz7J4kW2PY=uw@mail.gmail.com> <87o7ahzi8c.fsf@kaka.sjd.se> <CABcZeBO-_k3pTsLAqOm3c5F8Cnbnd1mtdpuaoQicoCRBLPZLLg@mail.gmail.com> <d2bd2378-4de4-4426-b2f4-fbcff6de5d2a@cs.tcd.ie> <CABcZeBPtRoGg=diFd2MjRXn0SD+KMJSC65ROe55SpsdcLL_m_g@mail.gmail.com> <9da5e8a6-b329-41cd-89c1-4423f6739341@nthpermutation.com> <CABcZeBN-Oy-vG=VYwqAmd=Fi7AWyp1pQPnMQMhe0-EzOPZwrsQ@mail.gmail.com> <7127f31a-bb6f-467a-aa67-55b46e7f95f2@nthpermutation.com>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <7127f31a-bb6f-467a-aa67-55b46e7f95f2@nthpermutation.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------dIYUIB48PUR12FsNlAWVvqWr"
X-ClientProxiedBy: DU7PR01CA0007.eurprd01.prod.exchangelabs.com (2603:10a6:10:50f::7) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|PAWPR02MB9760:EE_
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: nth96ZN6VmEwz3CNfP3GzBs5b74K4UwFubgjuK4PCRP/SS5Sc1iZ7U5lHXIk75j8XUaagZQeetLNMkWGEi9nM0+lzipUjVuSgF5pm1+arFsvissOXTl2jhfvO/FBZJbE0kx50NawZTWQT9eovZzO4AxKcJ0wOH8l/npQ5IvwOVI3eVhC4XN6a2yGy/T6Ugy4+a/Zv4FhW23De4rVLwCOXyow27OFrL7tB+bCDqcXWibv6Z/S4364P0YWXTDq0tej2kOJ1NXjA/3lWuaMblXp/kya/YVdkqQQA6Mjk37i+4ACHBw59WRay8/czvO98u5nflu5JDsYfuz0fN0QzfVruqKuasPG8/RWqL5qvISCldZbfAoxr+HAu3u2arEi2z4rXFy2PdTyBt7o4FHosmyGFfjvTU9chKQ3Xp5KdkUFeVHzbzxSNI2QMtwpuqk6XpDHb4CmNFC8NZTqd6jDPHQHiezrnr5hIhAQeyxNn+GO0daFn+9nv5KDXVN9uiCUAwV4wnQIkfvNq32qWIeFYkrZbGhSnxBBoWqrU5IBQld/zdZi20w14s4q4UvxWIbrAahYhwNRP0Gypo351g7n58PdfYliY0u7fFKFv8tPG4MKBNfh8NfrCzeoJAr/Elf79Tp59ftsFZE8zUgdIguGkON008U/LeOt1nZcXMFG79NB1vY=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366007)(376005)(1800799015); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: A2IpDPk3/ILrZ+a9/IhNI1G2gbhuUbogWhdc2Iqq6M5lB4clL9stWJbKiBdVAkU0VXmqsyBZAfCl8UV1CrpN+VVF5bOC5luBgkf7m6b+MyNU0p/ngcMkVDEBfnADtlZ5b/yjjmX5aCfPN8UJgfJtI9GZ6yaMdztxYY3d6F7DuKMsDDrmAFvyj31uI92MTTKOt9DVQG+6KVmTgLmioxY7f5BfxNWmEO/W/e2qkPeoYcx8a3KOPYuK6hTUa1dasvp4ROeua6qWKeMeCl8uGYrzSrdJZu88osrN53P0A/F5+pl6dFVOaP/sphYkSFepzK3ZBlZWi8AIXc2ol7oIFggBNVJ3ZwoOIIzU85jmt690Mn3zWhv7G+xz1GGRVfHbW5/Z9VbpJq4SxJP8vHp6WwWIR2JRTN8ZBYZWHie9F5aNyRYJqmH5LPKiaygVvABX0YTjIsQS5Ooi9bjIPLb7hVDJThswV4iBkCSmoc9dRyoRq7g8CvkPZjKkhwfc1aDsEH+vmiZzCxiz4GisCOISohY8Y0INLDo4E4VbHeWCD1WN+pqdRe8wRz6Zdz0Db/SgpJGVwVOWzaLArvKyjLXr5wGEHkg8cCiFonMZLh0mm8xvdMOpTgyZCL6/GVE6ReF4Rnz86vgDlSyqd/hcSsdUjEcOHtUzschubySpsdByFHgspyS46jaK/0Np98J81dVfzf86FGArlHRWe404XOgrszvi320XHZh+or4h+QgGiR2+vZnb3jXVLVpx9STCUQ7gkju/pSAJX7OtqIC7xCGZ0e/DLgywyf1E7urA+DivF6kVkUmfpVAkfLB+c0Gwo9A4Nu6psz19C7HVtdqFgiD1XWnR+/ZuyXL55UL3k0lM6EHGQ45zGGBQpyBx86rLXP8eIHI8nrYDBZeqyKIeEquBsX1PxMkLpMmfCjhIRkmXogrtm6SxwQtqsKV9F/R/YpepqjDNjjwjppp3e+Uw5veXASCNbK0pQfHY1kgCwzQo7+1hClH8Sh0vDVoJxAWqowALwyBcgVxECqLbQ64MuvCwH+6umvzQnM/2RkZMI06QIDUXgmB1cKN9gGc/LuEzZdePoY59n+0DiF2/WVSz9rbJ3jHwhyeP9kPuLYMpwBi7sJMgrSw7RYYozuty2M7dDZbASumTvuoWRYpf1wTEXhZCLS6OcsIrFeFoACunESGK2U5lz5jlo3FvldIkXL9Ck7UOVDUOv1LUNSRM13zY3zeNiYuGjHdR9AQ8HRMmpzW3kkLjuB5UmStLQyhSVz3P/xN8y62uazn7RqJzO7JSFXEll5J9v05kbNsQNsK/qfbaKaXgcvjsNVtD9/lzCYwOfV8CsoRZ3CM6/cVxsuquif9108xRhSUj7Cg3/9KlAtG++6ViPOrXAEEMciRtOJG3L+RI0NCZwP49zo2Tzw/0bk0YN0mH6cTFAeLkfjbIylsaI0wEhaVT3b6W282fE9BzIacuhIrnFQTQsfG8sx3xt9j9Mqpo7CQF4PpavItZz8KzK9i/KLbRrjRmW6Obo8uW5/QZK/goY5boRsnPmNAIUCCIRBP0g7ZKLHcOMTSb5G0YH9jAbuEwyJUqZNK8EFF21+5i7/JtCi+zG5zpAidbibS4BZ0I7qyGc3gBNDh8xHPRsf6Zup02I7kaBY7Y5UYEgUZKLM3q
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: f99af4ec-58ef-4563-035d-08dc59c39c72
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Apr 2024 01:06:25.9655 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: cA+2++Tj/fapFWVDEY9crb4BiWXTqhmMvjo+BxgI4MNEDj6+5P1AQ3f8y1Hf0V60
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR02MB9760
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ittb-AZ2G8_vivq0TIfQjK57cs4>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2024 01:06:34 -0000

Hiya,

On 10/04/2024 19:41, Michael StJohns wrote:
>>
> 
> Yeah - 8447 was an effective example of a submarine submission.

I don't think that's at all accurate. TLS is one or our
currently very important protocols so nothing coming from
that WG could reasonably be described as taking a submarine
approach IMO.

There was also a history of years of debate about how to
handle ciphersuite code points that lead up to 8447 so I
really don't think it's credible to say that 8447 is some
kind of sneaky end-run.

I'll also note the title and content of 8447 says that it
applies to TLS and DTLS registries so I'm confused by any
argument that says that 8447 affects other protocols other
than in the abstract sense that it demonstrates a setup
that could in principle be copied.

So, WRT this thread: IMO 8447 is fine, but that does not
mean everyone else needs to operate as if they're TLS,
and in particular, 8447 has zero implication for how best
to handle anything to do with SSH.

S.

v2.23.0 | Report a Bug | By Email