IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 27 March 2024 03:09 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5C89C14F6B7 for <saag@ietfa.amsl.com>; Tue, 26 Mar 2024 20:09:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DnmS9ZxjdsdE for <saag@ietfa.amsl.com>; Tue, 26 Mar 2024 20:09:25 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2C2EC14F610 for <saag@ietf.org>; Tue, 26 Mar 2024 20:09:24 -0700 (PDT)
Received: from dyas.sandelman.ca (60-240-91-174.static.tpgi.com.au [60.240.91.174]) by relay.sandelman.ca (Postfix) with ESMTPS id B301F1F448 for <saag@ietf.org>; Wed, 27 Mar 2024 03:09:20 +0000 (UTC)
Authentication-Results: relay.sandelman.ca; dkim=pass (2048-bit key; secure) header.d=sandelman.ca header.i=@sandelman.ca header.b="Gy2903nx"; dkim-atps=neutral
Received: by dyas.sandelman.ca (Postfix, from userid 1000) id 665ACA1915; Wed, 27 Mar 2024 14:09:16 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sandelman.ca; s=dyas; t=1711508956; bh=hC6PtFyfd+Tuy0Sl1VLDVFdHhndgBYw3NznGM8pRTgY=; h=From:To:Subject:In-reply-to:References:Date:From; b=Gy2903nxYUAP1IRwqYB51cA/DZnZI8XP7t/c1Bu/KutDis+hBrbx5HEh0vGMAWqVs QgKOXwKrWmmpcJit7Dx1lqPnOX3ZB1FxikBYoi80mS4AQqoU2ipLKwVNvX0UgPu8cj 3YWPy69fA1zjlo3xozaQZtmGtyT0QJ35vDBaPjbldPifj2ffyI6bCjQq04ylx8ZVRE OM4EVEYQR+MQFhKc+rNz/EfONKZMcpLwqsFJ6gflfn6xaEONHcT6JyuwCARF4xa7Xx +H1qO3aGkcG7mRiz+pQdyhbjmVzQfLoGB8WfaehKhFaPwS0yotwFKuCiBjEeNIEbHB RAqd/md+eUe+A==
Received: from dyas (localhost [127.0.0.1]) by dyas.sandelman.ca (Postfix) with ESMTP id 63BDAA1914 for <saag@ietf.org>; Wed, 27 Mar 2024 14:09:16 +1100 (AEDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: saag <saag@ietf.org>
In-reply-to: <CAN8C-_JTwA1fP=d0c_AXOdYsAX6fDfnFb0U05aO8y8tg8R3bVw@mail.gmail.com>
References: <CABcZeBPWjXvLh06-DBO3Z0sfeb2hgzqzaSZ-J2-TZ7qesrSraA@mail.gmail.com> <D0CD341B-523B-48A0-8954-EE7F89113241@aiven.io> <AF7B6F32-9EE6-4810-A99A-833DEA917FA9@sonic.net> <CABcZeBPfXQckpZageogUxTYgX2j_Nr_O3bvf-a-x0S_82BHMxg@mail.gmail.com> <079A0AA3-FA02-440F-ABA0-6AF897570E86@sonic.net> <CABcZeBOxfYR+=61DV1XN0F9nrmbzLR2zq_ZvADw4UUy1uFafzw@mail.gmail.com> <8caa2d4d-bc80-4fcf-b8bc-839052371730@lear.ch> <CABcZeBMABJ89T0qY0-9C3xxd=mFfGyCh7_9GKbEUBm6JtR+_ng@mail.gmail.com> <87sf0dupjn.fsf@kaka.sjd.se> <CAN8C-_JTwA1fP=d0c_AXOdYsAX6fDfnFb0U05aO8y8tg8R3bVw@mail.gmail.com>
Comments: In-reply-to Orie Steele <orie@transmute.industries> message dated "Tue, 26 Mar 2024 08:08:22 -0500."
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 27 Mar 2024 14:09:16 +1100
Message-ID: <484345.1711508956@dyas>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/s7n9__8unf8gWYWTEfQon8J_V4M>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2024 03:09:29 -0000

Orie Steele <orie@transmute.industries> wrote:
    > 1. Publish SSH related specifications as RFCs
    > 2. Support the review process from RFC9519 (We're working to resolve the
    > issue with the list, thanks for reporting it)

    > I don't think using IDs to document SSH algorithms and then never
    > publishing those drafts helps either community.

It's a lot of effort and money to publish a document for an algorithm that
some say isn't as secure as claimed, and perhaps shouldn't be widely implemented.

a) anyone can register foobar@example.com in the SecSH ecosystem, and openssh
   has done exactly that, and really, it's done.

b) if someone wants "foobar", I'm fine with *any stable web page* (including
   ietf.org/archive/foobar).  That's what **Specifications Required** means, and
   please let's not raise the bar here.
   If necessary, we can loop it through archive.org, which is what the RPC
   is doing for other references in RFCs.

c) If you are bothered by the IANA Considerations, then write a document to
   change them.

{yeah, I worked for SSH.com 25 years ago, but never on SSH}

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-                      *I*LIKE*TRAINS*

v2.23.0 | Report a Bug | By Email