[Secdispatch] Fwd: New Version Notification for draft-michel-ssh3-00.txt
François Michel <francois.michel@uclouvain.be> Wed, 28 February 2024 12:49 UTC
To: alldispatch@ietf.org
Cc: Olivier Bonaventure <olivier.bonaventure@uclouvain.be>, secdispatch@ietf.org

Hi all,

We're happy to announce that we recently submitted a first design draft for running SSH/Secure Shells over HTTP, with a focus on HTTP/3. We would love being able to discuss this document during the ALLDISPATCH session (I will attend remotely).

We have an open-source working prototype in Go here: https://github.com/francoismichel/ssh3

Coming from our recent research article, the solution is named SSH3. We'd be happy to discuss the name/renaming in the future, but we would first like to discuss the protocol, its architecture and use-cases before any long naming discussions take place. :-) Its final name will depend on the path taken by the solution anyway, i.e. whether it will become a concrete candidate for a new version, an alternate layer for RFC4252 and RFC4253 or integrated as part of ongoing IETF work (e.g. as stated in the draft, we can observe synergies with MASQUE).

Among other benefits of this evolution of SSH, we can list UDP port forwarding (or other protocols such as IP), focusing the specification on the Connection protocol, reduced connection establishment, better integration with existing web authentication infrastructures, URL multiplexing and others. I recommend that you look at the draft for a more detailed (but still concise) list of the interesting aspects.

The idea is getting quite some public traction (the repo is quite popular) but we're still in an embryonic state of the proposal. We would love to have feedback from IETF folks and work together on the future of the protocol and its architecture.

The document is introductory and there is room for people to participate. For instance, the short section 7 only introduces the topic of making this proposal coexist with existing SSHv2 deployments. Defining mechanisms inspired by how QUIC and HTTP/3 coexist with TCP and HTTP/2 would be really interesting!

I know some people already look at providing other implementations of the proposal. If it is your case let us know and we can work together and reach interop. :-) In case you look at refactoring your existing SSH implementation for other reasons, it might be easy to also make it compatible with this proposal since most of the Connection protocol is reused. Existing QUIC/HTTP libs can be used for the remaining parts.

Don't hesitate to let us know your thoughts, feedback and use-cases!

Regards,

François

-------- Forwarded Message --------
Subject: New Version Notification for draft-michel-ssh3-00.txt
Date: Wed, 28 Feb 2024 03:27:39 -0800
From: internet-drafts@ietf.org
To: François Michel <francois.michel@uclouvain.be>, Francois Michel <francois.michel@uclouvain.be>, Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>, Olivier Bonaventure <olivier.bonaventure@uclouvain.be>

A new version of Internet-Draft draft-michel-ssh3-00.txt has been successfully submitted by François Michel and posted to the IETF repository.

Name:     draft-michel-ssh3
Revision: 00
Title:    Secure shell over HTTP/3 connections
Date:     2024-02-28
Group:    Individual Submission
Pages:    18
URL:      https://www.ietf.org/archive/id/draft-michel-ssh3-00.txt
Status:   https://datatracker.ietf.org/doc/draft-michel-ssh3/
HTML:     https://www.ietf.org/archive/id/draft-michel-ssh3-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-michel-ssh3

Abstract:

   The secure shell (SSH) traditionally offers its secure services over an insecure network using the TCP transport protocol. This document defines mechanisms to run the SSH protocol over HTTP/3 using Extended CONNECT. Running SSH over HTTP/3 enables additional benefits such as the scalability offered by HTTP multiplexing, relying on TLS for secure channel establishment leveraging X.509 certificates, HTTP Authentication schemes for client and server authentication, UDP port forwarding and stronger resilience against packet injection attacks and middlebox interference.

The IETF Secretariat