Re: Binary packet protocol rethink

nisse@lysator.liu.se (Niels Möller) Mon, 30 November 2015 12:11 UTC

From: nisse@lysator.liu.se
To: Simon Josefsson <simon@josefsson.org>
Cc: Damien Miller <djm@mindrot.org>, Simon Tatham <anakin@pobox.com>, ietf-ssh@netbsd.org
Subject: Re: Binary packet protocol rethink
Date: Mon, 30 Nov 2015 13:10:47 +0100

Simon Josefsson <simon@josefsson.org> writes:

>> IMO the AEAD primitive is the right metaphor for the security
>> properties of the SSH transport protocol. Removing the large
>> cartesian product of ciphers x MACs will make testing faster and
>> binaries smaller too.
>
> I agree.  I believe there is opportunity to deprecate all pre-AEAD
> modes, if there is interest in doing that.

I agree this makes a lot of sense. AEAD is exactly what the protocol
needs, it just wasn't well established at the time.

I'd like to see some discussion on how to do it within the ssh algorithm
negotiation, since it doesn't quite fit in the original design. Maybe we
can just do what openssh does, I'm not sure?

I know that completely dropping support for "first_kex_packet_follows"
has been suggested. Maybe that's appropriate, but I'd strongly prefer if
we could keep that a separate issue, and for now just make sure that the
key exchange details stay sane and unambiguous when we add AEAD.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
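
An added example, not part of the original message or of any project's code: a sketch of RFC 4253 name-list negotiation extended with the convention OpenSSH documents for its AEAD ciphers, where the MAC lists are ignored once an AEAD cipher is chosen. The function names and the algorithm lists are constructed for illustration.

```python
# Added illustration; the name-lists below are constructed sample input.
AEAD_CIPHERS = {"aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
                "chacha20-poly1305@openssh.com"}


def first_match(client, server):
    """RFC 4253 section 7.1: first name on the client's list that the
    server also lists, or None when there is no overlap."""
    for name in client:
        if name in server:
            return name
    return None


def negotiate(client, server):
    """Pick (cipher, mac) for one direction of the transport.

    OpenSSH convention: when the chosen cipher is an AEAD mode, the MAC
    lists are ignored and no common MAC is required, so mac is None.
    Raises ValueError when negotiation fails.
    """
    cipher = first_match(client["enc"], server["enc"])
    if cipher is None:
        raise ValueError("no common cipher")
    if cipher in AEAD_CIPHERS:
        return cipher, None  # integrity is provided by the cipher itself
    mac = first_match(client["mac"], server["mac"])
    if mac is None:
        raise ValueError("no common MAC for non-AEAD cipher " + cipher)
    return cipher, mac


# Constructed peers: CLIENT shares no MAC with either server.
CLIENT = {"enc": ["chacha20-poly1305@openssh.com", "aes128-ctr"],
          "mac": ["hmac-sha2-256"]}
SERVER_AEAD = {"enc": ["aes128-ctr", "chacha20-poly1305@openssh.com"],
               "mac": ["hmac-sha2-512"]}
SERVER_LEGACY = {"enc": ["aes128-ctr"], "mac": ["hmac-sha2-512"]}

if __name__ == "__main__":
    # AEAD cipher wins on client preference; the MAC mismatch is irrelevant.
    print(negotiate(CLIENT, SERVER_AEAD))
    try:
        # Only a non-AEAD cipher is shared, so the MAC mismatch is fatal.
        negotiate(CLIENT, SERVER_LEGACY)
    except ValueError as err:
        print("negotiation failed:", err)
```

The same client offer succeeds or fails depending on whether the selected cipher is AEAD, which is the interaction between cipher and MAC negotiation that a specification has to state unambiguously.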