[secdir] Review of draft-ietf-curdle-ssh-ext-info-11

Shawn Emery <shawn.emery@gmail.com> Wed, 23 August 2017 06:01 UTC

From: Shawn Emery <shawn.emery@gmail.com>
Date: Wed, 23 Aug 2017 00:01:06 -0600
Message-ID: <CAChzXmZ95au5gqq2OZeZiKz1m7bqY8dLPD_65-1wSykFG4rSRg@mail.gmail.com>
To: secdir@ietf.org, draft-ietf-curdle-ssh-ext-info.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/M7UUFsFxbg3bNAC1AdiaZrG3MSY>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft discusses protocol extension negotiation for SSH and specifies
several of these extensions in practice.

The security considerations section does exist and refers to SSH's base
protocol specification (RFC 4251) for security aspects of this draft.  I
agree with this assessment, though it would be helpful to state that
the extension negotiation between the client and server is performed
after key exchange with confidentiality.

General comments:

None.

Editorial comments:

Table of contents is missing.

Shawn.
--
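The point raised above, that extension negotiation only happens once the transport is encrypted, as an added example that is neither part of this review nor the draft's own code. It encodes and parses the SSH_MSG_EXT_INFO message (message number 7, a uint32 count followed by name/value string pairs, as defined by the ext-info draft that became RFC 8308) and only accepts one after SSH_MSG_NEWKEYS (21, RFC 4253); the sample "server-sig-algs" value is constructed.

```python
import struct
SSH_MSG_EXT_INFO = 7   # message number assigned by the ext-info draft (RFC 8308)
SSH_MSG_NEWKEYS = 21   # RFC 4253; marks the switch to the negotiated encryption

def encode_ext_info(extensions):
    """Build an SSH_MSG_EXT_INFO payload from (name, value) pairs."""
    body = struct.pack(">I", len(extensions))
    for name, value in extensions:
        for field in (name.encode("ascii"), value):       # each is an SSH 'string'
            body += struct.pack(">I", len(field)) + field
    return bytes([SSH_MSG_EXT_INFO]) + body

def parse_ext_info(payload):
    """Parse an SSH_MSG_EXT_INFO payload; reject truncated or trailing data."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO message")
    (count,) = struct.unpack(">I", payload[1:5])
    pos, extensions = 5, []
    for _ in range(count):
        fields = []
        for _ in range(2):                # extension-name, then extension-value
            if pos + 4 > len(payload):
                raise ValueError("truncated length field")
            (n,) = struct.unpack(">I", payload[pos:pos + 4])
            pos += 4
            if pos + n > len(payload):
                raise ValueError("truncated string body")
            fields.append(payload[pos:pos + n])
            pos += n
        extensions.append((fields[0].decode("ascii"), fields[1]))
    if pos != len(payload):
        raise ValueError("trailing bytes after the last extension")
    return extensions

class ExtInfoReceiver:
    """Accept SSH_MSG_EXT_INFO only after NEWKEYS, i.e. on the encrypted channel."""
    def __init__(self):
        self.encrypted = False
        self.extensions = {}

    def handle(self, payload):
        if payload[0] == SSH_MSG_NEWKEYS:
            self.encrypted = True
            return "newkeys"
        if payload[0] == SSH_MSG_EXT_INFO:
            if not self.encrypted:
                raise ValueError("EXT_INFO before NEWKEYS is not confidentiality-protected")
            self.extensions = dict(parse_ext_info(payload))
            return "ext-info"
        return "other"
```

A real implementation would additionally require that the peer advertised "ext-info-c" or "ext-info-s" in its KEXINIT before accepting the message.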