Re: [secdir] secdir review of draft-moonesamy-sshfp-ed25519-01

Uri Blumenthal <uri@MIT.EDU> Sun, 01 June 2014 02:53 UTC

Return-Path: <uri@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36D191A015B; Sat, 31 May 2014 19:53:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.252
X-Spam-Level:
X-Spam-Status: No, score=-3.252 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3VCa9u0YMiyL; Sat, 31 May 2014 19:53:20 -0700 (PDT)
Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu [18.7.68.34]) by ietfa.amsl.com (Postfix) with ESMTP id BEB5A1A010E; Sat, 31 May 2014 19:53:19 -0700 (PDT)
X-AuditID: 12074422-f79376d000000c58-8a-538a959ac300
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-5.mit.edu (Symantec Messaging Gateway) with SMTP id 36.89.03160.A959A835; Sat, 31 May 2014 22:53:14 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id s512rB6s024431; Sat, 31 May 2014 22:53:11 -0400
Received: from [192.168.1.107] (chostler.hsd1.ma.comcast.net [24.62.227.134]) (authenticated bits=0) (User authenticated as uri@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s512r6Ox009593 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Sat, 31 May 2014 22:53:09 -0400
References: <2ACBFFE4-BCEB-4F6D-A2D3-861BADF543DE@cisco.com> <6.2.5.6.2.20140530040300.0bb93070@elandnews.com> <D1342262-144C-4939-B005-5E042CAF7394@cisco.com> <20140530141618.kgnw4u9b4gw80o4s@webmail.mit.edu> <6.2.5.6.2.20140530114625.0c0d1aa8@elandnews.com> <868A3427-6B46-4110-8D4B-45857D260C1D@cisco.com> <6.2.5.6.2.20140530135131.0c7bdba0@elandnews.com> <53890957.3090407@tolerantnetworks.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <53890957.3090407@tolerantnetworks.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <129646BF-9249-4AE7-AEA8-D43A2E3BD4E3@mit.edu>
X-Mailer: iPad Mail (11D201)
From: Uri Blumenthal <uri@MIT.EDU>
Date: Sat, 31 May 2014 22:53:06 -0400
To: Stephen Farrell <stephen@tolerantnetworks.com>
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBKsWRmVeSWpSXmKPExsUixCmqrDtralewwdGZ8hYz7/pZzPgzkdni 2cb5LBZdR9eyW3xY+JDF4lX/TVaL7klTmB3YPab83sjqce/NRyaPJUt+Mnlsa29k9fhy+TNb AGsUl01Kak5mWWqRvl0CV8blszuZCz5zVHTcXcXYwNjM3sXIySEhYCKx4t5PNghbTOLCvfVA NheHkMBsJomvTy+xQzgbGSU2vtzNBOHsY5JombudFcLpY5bo3NHA0sXIwcErIC5x9aAPyChO oLHbp99gAwkzC+hITF7ICBJmFtCWWLbwNTNEtZVE+3kTkCnMAqeYJJ7O3Qc2RUJARuLJZ2WQ cjYBJYnm5i2sILawgLvEid0TmEFsFgFVie/bX4PFRQSMJL72vmSfwCg4C+GGWQh7ZyHZu4CR eRWjbEpulW5uYmZOcWqybnFyYl5eapGuqV5uZoleakrpJkZQJLC7KO1g/HlQ6RCjAAejEg+v gl1XsBBrYllxZe4hRkkOJiVR3ux+oBBfUn5KZUZicUZ8UWlOavEhRgkOZiURXr4ioBxvSmJl VWpRPkxKmoNFSZz3rbVVsJBAemJJanZqakFqEUxWhoNDSYJ34RSgRsGi1PTUirTMnBKENBMH J8hwHqDhPSA1vMUFibnFmekQ+VOMuhzn5pxqYxJiycvPS5US5709GahIAKQoozQPbg4sgb1i FAd6S5h3FsgoHmDyg5v0CmgJE9CSt1WdIEtKEhFSUg2Mtpx7mSPj70+aNnt7XMemf3zRnzmv eKu27z4iwbvlk6jC1+BdZz/cDLQvYDXIkTTk7u1RfGcn7iL2XPnwZff2i0zq1ZH2R0vjY9Zb 6El8FMl/e3di2cqSxCmiFrZ6917aXvhfHFPp8Oaar/N5JUvr5MWLVtwT8us2P3jgrJ5/Y2/c tn82yWpKLMUZiYZazEXFiQCZCc9DOwMAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/VCWGcw8Z2nuU1q_DwZ60ctlWbvA
Cc: "ietf@ietf.org" <ietf@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-moonesamy-sshfp-ed25519.all@tools.ietf.org" <draft-moonesamy-sshfp-ed25519.all@tools.ietf.org>, S Moonesamy <sm+ietf@elandsys.com>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] secdir review of draft-moonesamy-sshfp-ed25519-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Jun 2014 02:53:21 -0000

I reject S. Moonesamy's proposal, and strongly support Stephen's recommendation.

Sent from my iPad

> On May 30, 2014, at 18:42, Stephen Farrell <stephen@tolerantnetworks.com> wrote:
> 
> 
> 
>> On 30/05/14 23:22, S Moonesamy wrote:
>> Hi Joe,
>> At 13:42 30-05-2014, Joseph Salowey (jsalowey) wrote:
>>> [Joe] My concern is that there is not enough information in the draft
>>> to know what goes into the hash that is the subject of the code point
>>> assignment.  Perhaps it is obvious to someone who implemented the SSH
>>> code that is not documented in this draft, but it is not obvious to me
>>> as a reader of the draft.
>> 
>> That's a fair point.  I propose adding the following text in Section 2
>> as a warning to the reader:
>> 
>>  The format of the ED25519 public key with SHA-256 fingerprint is
>>  not documented in an authoritative specification.
> 
> Why? Why not just look at the code and write down what that does
> in terms of formatting the input.
> 
> If >1 implementation interoperates it can't be that hard.
> 
> S.
> 
>> 
>> Regards,
>> S. Moonesamy