Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts

Watson Ladd <watsonbladd@gmail.com> Mon, 18 March 2019 16:07 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 18 Mar 2019 09:07:16 -0700
Message-ID: <CACsn0cn2yop7oD+-6jUD3LpDY85YqoPY5sqKSLBBed-m++50Cg@mail.gmail.com>
To: denis bider <denisbider.ietf@gmail.com>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Martin Thomson <mt@lowentropy.net>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>, secdir <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/s6aXbTGQQdNaiT6ejsuzhUyIiRg>

On Mon, Mar 18, 2019, 8:51 AM denis bider <denisbider.ietf@gmail.com> wrote:

> (removed CFRG from CC since not directly relevant)
>
> Exactly. Currently, the direction of SSH is dictated by OpenSSH, which is
> the de facto standard (in a loose alliance with other open source
> implementations like libssh and PuTTY).
>
> I'm not sure about the personal circumstances of each individual involved
> with these projects, but the requirements of IETF's "rigorous" processes
> are "rigorous"; and the motivation for volunteers to participate is
> approximately none. Yet these volunteers, as a group, determine the
> protocol's direction.
>
> As a standards organization, IETF is not competing with ISO (which
> requires anyone who wants to achieve something to travel to places like
> Hawaii), it is competing with GitHub. When OpenSSH wants to do something,
> they don't start a WG, they just publish stuff in their PROTOCOL file:
>
> https://github.com/openssh/openssh-portable/blob/master/PROTOCOL
>
> Currently:
>
> - The dominant encryption mechanism in SSH is not specified by IETF. It is
> "aes128-gcm@openssh.com" and "aes256-gcm@openssh.com", documented in that
> PROTOCOL file.
>
> - Encrypt-then-MAC in SSH is not specified by IETF. It is vaguely
> documented in that PROTOCOL file.
>
> - Host key synchronization (an extremely useful feature) is not specified
> by IETF - it's in that PROTOCOL file.
>
> This is just the tip of the iceberg. The PROTOCOL file contains a bunch of
> other things that are underspecified and under-standardized, but
> IMPLEMENTED, because no one wants to follow the IETF's "rigorous" process
> to charter a WG for every change.
>
> What makes this tragic is that it's unnecessary. SSH version 2 was
> standardized as an IETF WG. Then, because of the IETF rules, the WG
> disbanded.
>
> The IETF is literally handing off standardization to be done half-assedly
> at GitHub, and treating this as a success.
>

Forgive me for thinking this represents running code and rough consensus.
What is the benefit of turning these enhancements into RFCs to the OpenSSH
project?

Also other streams than the IETF one exist. So what actually is the problem
that needs solving with SSH?

>
>
> On Mon, Mar 18, 2019 at 1:23 AM Peter Gutmann <pgut001@cs.auckland.ac.nz>
> wrote:
>
>> denis bider <denisbider.ietf@gmail.com> writes:
>>
>> >SSH is full of underdocumented, partly functional custom extensions (to
>> >cryptography, compression, SFTP, port forwarding, host key synchronization,
>> >VPN, and more), most of which could be better designed, better documented and
>> >standardized
>>
>> +1.  Mind you given the hassle in setting up a WG for it and getting things
>> through the IETF, it might be easier to just set up a Github repository for
>> documentation on what does what and how and rely on Google to point people to
>> it.
>>
>> Peter.
>>