IETF Logo Mail Archive

RE: Feedback on draft-igoe-secsh-x509v3-01

"Igoe, Kevin M." <kmigoe@nsa.gov> Tue, 30 March 2010 16:06 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A0CDB3A6ABB for <ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com>; Tue, 30 Mar 2010 09:06:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.469
X-Spam-Level:
X-Spam-Status: No, score=-5.469 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 77xS37GAL52h for <ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com>; Tue, 30 Mar 2010 09:06:42 -0700 (PDT)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe52:9ab6]) by core3.amsl.com (Postfix) with ESMTP id 46CA73A6A9D for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Tue, 30 Mar 2010 09:06:42 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 0) id 3AC6263B100; Tue, 30 Mar 2010 16:07:02 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from msux-gh1-uea02.nsa.gov (msux-gh1-uea02.nsa.gov [63.239.67.2]) by mail.netbsd.org (Postfix) with ESMTP id 1AD6C63B120 for <ietf-ssh@NetBSD.org>; Tue, 30 Mar 2010 16:06:59 +0000 (UTC)
Received: from MSCS-GH1-UEA02.corp.nsa.gov (localhost [127.0.0.1]) by msux-gh1-uea02.nsa.gov (8.12.10/8.12.10) with ESMTP id o2UF2kJR004599; Tue, 30 Mar 2010 15:02:46 GMT
Received: from MSIS-GH1-UEA06.corp.nsa.gov ([10.215.228.137]) by MSCS-GH1-UEA02.corp.nsa.gov with Microsoft SMTPSVC(6.0.3790.3959); Tue, 30 Mar 2010 11:02:03 -0400
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: RE: Feedback on draft-igoe-secsh-x509v3-01
Date: Tue, 30 Mar 2010 11:01:43 -0400
Message-ID: <80F9AC969A517A4DA0DE3E7CF74CC1BB034A13@MSIS-GH1-UEA06.corp.nsa.gov>
In-reply-to: <4BB0E199.2060809@vandyke.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Feedback on draft-igoe-secsh-x509v3-01
Thread-Index: AcrPbLHeCZiwbdu0SiaxOHhhcteIIAAqbB+w
From: "Igoe, Kevin M." <kmigoe@nsa.gov>
To: Joseph Galbraith <galb-list@vandyke.com>, ietf-ssh@NetBSD.org, Douglas Stebila <douglas@stebila.ca>
X-OriginalArrivalTime: 30 Mar 2010 15:02:03.0343 (UTC) FILETIME=[F4CEBDF0:01CAD019]
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Good suggetions.  Given the existing SSH UserAuth
SSH_MSG_USERAUTH_REQUEST
and SSH_MSG_USERAUTH_SUCCESS/FAILURE protocol specified in sction 7 of
RFC 4253, 
the best we can do is mitigate the need for many rounds of REQUEST &
FAILURE 
messages.  Your suggested text addresses that quite nicely.

I'd like to soften the "Verifiers MUST" in the second paragraph to
"Verifiers SHOULD".  Some ssh servers are restricted to a very 
limited set of authorized clients.  In such a case, these users may
have been issued certs specifically for this site. The server
need only deal with the signature algorithms used in these certs, 
eliminating the need to support a broad spectrum of signatures.



> -----Original Message-----
> From: ietf-ssh-owner@NetBSD.org 
> [mailto:ietf-ssh-owner@NetBSD.org] On Behalf Of Joseph Galbraith
> Sent: Monday, March 29, 2010 1:21 PM
> To: ietf-ssh@NetBSD.org
> Subject: Feedback on draft-igoe-secsh-x509v3-01
> 
> I just did a quick read-thru on this document and it looks 
> pretty good.
> 
> However, this paragraph from Section 2 was confusing:
> 
> >  o  The individual certificates in the certificate chain MUST be
> >       signed using only algorithms corresponding to public key
> >       algorithms supported by the peer.  The choice of signature
> >       algorithm used by any given certificate is independent of the
> >       signature algorithms chosen by other certificates in 
> the chain.
> >       However, verifiers SHOULD be prepared to receive certificate
> >       chains that do not comply with this (in other words, using any
> >       signature algorithms), and MAY verify a non-compliant chain if
> >       they are able to do so.
> 
> First off I think "MUST be signed using only algorithms" 
> conflicts with "verifiers SHOULD be prepared" (or at least is 
> confusing.)
> 
> And secondly, as I noted before, we really don't have a good 
> indication of what algorithms the peer supports.  We know 
> what algorithms the server has a hostkey for and what 
> algorithms the client is willing to accept as a hostkey.  But 
> we don't actually know what algorithms either side supports 
> for publickey authentication.
> 
> I would suggest this paragraph be rewritten as something similar to
> this:
> 
> o The only algorithms that can be guaranteed to be supported
>   by the peer are those that were listed in
>   "server_host_key_algorithms" of key exchange (See RFC 4253,
>   Section 7.1, "Algorithm Negotiation").  Where possible, the
>   individual certificates in the certificate chain SHOULD be
>   restricted to the algorithms listed in "server_host_key_algorithms";
>   however, other algorithms are permitted.
> 
>   Verifiers MUST be prepared to receive certificate chains that use
>   algorithms that were not listed in "server_host_key_algorithms",
>   and indeed potentially algorithms that have no ssh equivalent.
>   Such chains are more likely result in a failure than a chain
>   which uses only the algorithms listed in 
> "server_host_key_algorithms"
> 
> Thanks,
> 
> Joseph
>

v2.23.0 | Report a Bug | By Email