Re: RFC 4253 possible errata

"Mark D. Baushke" <mdb@juniper.net> Thu, 22 June 2017 04:44 UTC

To: Ron Frederick <ronf@timeheart.net>
CC: Curdle WG <curdle@ietf.org>, SSH WG <ietf-ssh@NetBSD.org>, Eric Rescorla <ekr@rtfm.com>
Date: Wed, 21 Jun 2017 12:32:00 -0700

Hi Ron,

Ron Frederick <ronf@timeheart.net> writes:

> Hi Mark,
> 
> On Jun 21, 2017, at 11:20 AM, Mark D. Baushke <mdb@juniper.net> wrote:
> > While working with the IETF AD Eric Rescorla <ekr@rtfm.com> doing the AD
> > review of draft-ietf-curdle-ssh-modp-dh-sha2, the topic came up of
> > validation of the Diffie-Hellman public key on both client and server
> > (peers).
> > 
> > The RFC 4253 Section 8 writes:
> > 
> > |8.  Diffie-Hellman Key Exchange
> > |
> > |   The Diffie-Hellman (DH) key exchange provides a shared secret that
> > |   cannot be determined by either party alone.  The key exchange is
> > |   combined with a signature with the host key to provide host
> > |   authentication.  This key exchange method provides explicit server
> > |   authentication as defined in Section 7.
> > |
> > |   The following steps are used to exchange a key.  In this, C is the
> > |   client; S is the server; p is a large safe prime; g is a generator
> > |   for a subgroup of GF(p); q is the order of the subgroup; V_S is S's
> > |   identification string; V_C is C's identification string; K_S is S's
> > |   public host key; I_C is C's SSH_MSG_KEXINIT message and I_S is S's
> > |   SSH_MSG_KEXINIT message that have been exchanged before this part
> > |   begins.
> > |
> > |   1. C generates a random number x (1 < x < q) and computes
> > |      e = g^x mod p.  C sends e to S.
> > |
> > ...elided...
> > 
> > |   Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
> > |   sent or accepted by either side.  If this condition is violated, the
> > |   key exchange fails.
> > 
> > ...elided...
> > 
> > The z in range [1, p-1] notation, specifies a closed interval which
> > includes the end points which is equivalent to 1 <= z <= p-1. The (1, p-1)
> > notation specifies an open interval which excludes the endpoints 1 < z <
> > p-2.
> 
> [Ron] I don’t understand the “p-2” here. Is that a typo? 

Yes, I guess I should be careful when I touch-type numerals. It is
intended to be p-1 in both cases.

> Also, if you want to convert from the closed range [1, p-1], shouldn’t
> that be to an open range of (0, p), which would correspond to “0 <
> z < p”?

Yes.

That is the error. I believe it should either have been written as [2,
p-2] or (1, p-1).

If we look at other sources such as NIST SP 800-56A revision 2, page 36
section 5.6.2.3.1 we see the verification is [2, p-2] which is also used
in RFC 7919.

> > Eric noted that https://tools.ietf.org/rfcmarkup?rfc=7919#section-5.1
> > uses open endpoints.
> > 
> > Eric suggested that my draft should include text that is similar to the
> > text in the RFC 7919 to correct this errata.
> 
> [Ron] I see RFC 7919 refers to a closed range [2, p-2]. This would be
> a change from what is allowed by RFC 4253 today.

Yes.

> > Before I make such a change, I wish to understand what folks have been
> > using for the test in their implementations and get a consensus on such
> > a change.
> 
> [Ron] In asyncssh, the test I’m doing on e & f is “1 <= e < p” and “1
> <= f < p”, which is essentially the half-open range of [1, p) that is
> equivalent to the closed range [1, p-1] listed in RFC 4253.

Okay.

This implies that there would need to be an implementation change if we
agree that RFC 4253 use of a closed range is an errata because an open
range was intended. Or, we could agree that narrowing the range is in
the best interests of the DH key exchange.

	-- Mark
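
The two range checks discussed in this message, side by side, as an added example (not part of the original thread and not asyncssh's code). It shows what the endpoints 1 and p-1 do to the shared secret when they pass validation. The toy group p = 23, q = 11, g = 2 and all function names are constructed for illustration.

```python
# Constructed toy parameters: P is a safe prime (P = 2*Q + 1) and
# G = 2 generates the subgroup of order Q modulo P.
P, Q, G = 23, 11, 2


def valid_rfc4253(z, p):
    """Literal RFC 4253 Section 8 text: closed range [1, p-1]."""
    return 1 <= z <= p - 1


def valid_rfc7919(z, p):
    """RFC 7919 / NIST SP 800-56A style check: closed range [2, p-2]."""
    return 2 <= z <= p - 2


def possible_secrets(peer_value, p, q):
    """All shared secrets K = peer_value^x mod p that the local side
    can compute over every private exponent 1 < x < q."""
    return {pow(peer_value, x, p) for x in range(2, q)}


def accepted_only_by_rfc4253(p, q):
    """Map each value that passes [1, p-1] but fails [2, p-2]
    to the set of shared secrets it can produce."""
    return {
        z: possible_secrets(z, p, q)
        for z in range(0, p + 1)
        if valid_rfc4253(z, p) and not valid_rfc7919(z, p)
    }


if __name__ == "__main__":
    for z, secrets in accepted_only_by_rfc4253(P, Q).items():
        print(f"peer value {z}: shared secret confined to {sorted(secrets)}")
    honest = pow(G, 3, P)  # a peer value from the order-Q subgroup
    print(f"peer value {honest}: {len(possible_secrets(honest, P, Q))} "
          "distinct shared secrets")
```

With a peer value of 1 the secret is always 1, and with p-1 it is either 1 or p-1, regardless of the local private exponent; the [2, p-2] check rejects both.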