Re: RFC 4253 possible errata

"Mark D. Baushke" <mdb@juniper.net> Thu, 22 June 2017 04:44 UTC

To: Ron Frederick <ronf@timeheart.net>
CC: Curdle WG <curdle@ietf.org>, SSH WG <ietf-ssh@NetBSD.org>, Eric Rescorla <ekr@rtfm.com>
Date: Wed, 21 Jun 2017 12:32:00 -0700

Hi Ron,

Ron Frederick <ronf@timeheart.net> writes:

> Hi Mark,
> 
> On Jun 21, 2017, at 11:20 AM, Mark D. Baushke <mdb@juniper.net> wrote:
> > While working with the IETF AD Eric Rescorla <ekr@rtfm.com> doing the AD
> > review of draft-ietf-curdle-ssh-modp-dh-sha2, the topic came up of
> > validation of the Diffie-Hellman public key on both client and server
> > (peers).
> > 
> > The RFC 4253 Section 8 writes:
> > 
> > |8.  Diffie-Hellman Key Exchange
> > |
> > |   The Diffie-Hellman (DH) key exchange provides a shared secret that
> > |   cannot be determined by either party alone.  The key exchange is
> > |   combined with a signature with the host key to provide host
> > |   authentication.  This key exchange method provides explicit server
> > |   authentication as defined in Section 7.
> > |
> > |   The following steps are used to exchange a key.  In this, C is the
> > |   client; S is the server; p is a large safe prime; g is a generator
> > |   for a subgroup of GF(p); q is the order of the subgroup; V_S is S's
> > |   identification string; V_C is C's identification string; K_S is S's
> > |   public host key; I_C is C's SSH_MSG_KEXINIT message and I_S is S's
> > |   SSH_MSG_KEXINIT message that have been exchanged before this part
> > |   begins.
> > |
> > |   1. C generates a random number x (1 < x < q) and computes
> > |      e = g^x mod p.  C sends e to S.
> > |
> > ...elided...
> > 
> > |   Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
> > |   sent or accepted by either side.  If this condition is violated, the
> > |   key exchange fails.
> > 
> > ...elided...
> > 
> > The z in range [1, p-1] notation, specifies a closed interval which
> > includes the end points which is equivalent to 1 <= z <= p-1. The (1, p-1)
> > notation specifies an open interval which excludes the endpoints 1 < z <
> > p-2.
> 
> [Ron] I don’t understand the “p-2” here. Is that a typo? 

Yes, I guess I should be careful when I touch-type numerals. It is
intended to be p-1 in both cases.

> Also, if you want to convert from the closed range [1, p-1], shouldn’t
> that be to an open range of (0, p), which would correspond to “0 <
> z < p”?

Yes.

That is the error. I believe it should either have been written as [2,
p-2] or (1, p-1).

If we look at other sources such as NIST SP 800-56A revision 2, page 36
section 5.6.2.3.1 we see the verification is [2, p-2] which is also used
in RFC 7919.

> > Eric noted that https://tools.ietf.org/rfcmarkup?rfc=7919#section-5.1
> > uses open endpoints.
> > 
> > Eric suggested that my draft should include text that is similar to the
> > text in the RFC 7919 to correct this errata.
> 
> [Ron] I see RFC 7919 refers to a closed range [2, p-2]. This would be
> a change from what is allowed by RFC 4253 today.

Yes.

> > Before I make such a change, I wish to understand what folks have been
> > using for the test in their implementations and get a consensus on such
> > a change.
> 
> [Ron] In asyncssh, the test I’m doing on e & f is “1 <= e < p” and “1
> <= f < p”, which is essentially the half-open range of [1, p) that is
> equivalent to the closed range [1, p-1] listed in RFC 4253.

Okay.

This implies that there would need to be an implementation change if we
agree that RFC 4253 use of a closed range is an errata because an open
range was intended. Or, we could agree that narrowing the range is in
the best interests of the DH key exchange.

	-- Mark
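
Added example (not part of the original message, and not asyncssh code): the two range checks discussed in this thread side by side, with the set of shared secrets each boundary value can produce. The toy group p = 23, q = 11, g = 2 and all function names are constructed for illustration.

```python
"""Range checks on a received DH public value (e or f), as discussed above.

Toy parameters (constructed for this example): safe prime p = 23 = 2*11 + 1,
subgroup order q = 11, generator g = 2.
"""

P, Q, G = 23, 11, 2


def check_rfc4253(y: int, p: int) -> bool:
    """Closed range [1, p-1] as written in RFC 4253 Section 8.

    Same test as the half-open form 1 <= y < p quoted in the thread.
    """
    return 1 <= y <= p - 1


def check_narrowed(y: int, p: int) -> bool:
    """Closed range [2, p-2], the range cited from RFC 7919 and SP 800-56A."""
    return 2 <= y <= p - 2


def possible_secrets(y: int, p: int, q: int) -> set:
    """All K = y^x mod p for every private exponent x with 1 < x < q."""
    return {pow(y, x, p) for x in range(2, q)}


def survey(p: int, q: int) -> list:
    """For each boundary value: (y, passes [1,p-1], passes [2,p-2], #secrets)."""
    rows = []
    for y in (0, 1, 2, p - 2, p - 1, p):
        rows.append((y,
                     check_rfc4253(y, p),
                     check_narrowed(y, p),
                     len(possible_secrets(y, p, q))))
    return rows


if __name__ == "__main__":
    print(" y  [1,p-1]  [2,p-2]  distinct K")
    for y, wide, narrow, count in survey(P, Q):
        print(f"{y:2d}  {wide!s:7}  {narrow!s:7}  {count}")
```

With these parameters the values 1 and p-1 pass the [1, p-1] test but confine K to {1} and {1, p-1} respectively, whatever private exponent the receiver picks; the [2, p-2] test rejects both.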