Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts

denis bider <denisbider.ietf@gmail.com> Mon, 18 March 2019 15:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Xev5s0nVM9-KiKijlDhXnlZZdZI>

(removed CFRG from CC since not directly relevant)

Exactly. Currently, the direction of SSH is dictated by OpenSSH, which is
the de facto standard (in a loose alliance with other open source
implementations like libssh and PuTTY).

I'm not sure about the personal circumstances of each individual involved
with these projects, but the requirements of IETF's "rigorous" processes
are "rigorous"; and the motivation for volunteers to participate is
approximately none. Yet these volunteers, as a group, determine the
protocol's direction.

As a standards organization, IETF is not competing with ISO (which requires
anyone who wants to achieve something to travel to places like Hawaii), it
is competing with GitHub. When OpenSSH wants to do something, they don't
start a WG, they just publish stuff in their PROTOCOL file:

https://github.com/openssh/openssh-portable/blob/master/PROTOCOL

Currently:

- The dominant encryption mechanism in SSH is not specified by IETF. It is
"aes128-gcm@openssh.com" and "aes256-gcm@openssh.com", documented in that
PROTOCOL file.

- Encrypt-then-MAC in SSH is not specified by IETF. It is vaguely
documented in that PROTOCOL file.

- Host key synchronization (an extremely useful feature) is not specified
by IETF - it's in that PROTOCOL file.

This is just the tip of the iceberg. The PROTOCOL file contains a bunch of
other things that are underspecified and under-standardized, but
IMPLEMENTED, because no one wants to follow the IETF's "rigorous" process
to charter a WG for every change.

What makes this tragic is that it's unnecessary. SSH version 2 was
standardized as an IETF WG. Then, because of the IETF rules, the WG
disbanded.

The IETF is literally handing off standardization to be done half-assedly
at GitHub, and treating this as a success.


On Mon, Mar 18, 2019 at 1:23 AM Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> denis bider <denisbider.ietf@gmail.com> writes:
>
> >SSH is full of underdocumented, partly functional custom extensions (to
> >cryptography, compression, SFTP, port forwarding, host key synchronization,
> >VPN, and more), most of which could be better designed, better documented and
> >standardized
>
> +1.  Mind you given the hassle in setting up a WG for it and getting things
> through the IETF, it might be easier to just set up a Github repository for
> documentation on what does what and how and rely on Google to point people to
> it.
>
> Peter.
>