Re: deaft-gree-sedsh-ecc-08: small correction

Douglas Stebila <douglas@stebila.ca> Fri, 13 August 2010 06:02 UTC

Damien, I'm confused about this email I just received from you.  The draft you're referring to, draft-green-secsh-ecc-08, became RFC 5656 back in December 2009.  At this point, the only ways to make changes are either through errata or through a new document that updates/obsoletes the existing document.

To respond to your individual points:

On 2010-Aug-13, at 3:29 PM, Damien Miller wrote:

> Why not drop ECMQV from the draft entirely? AFAIK it is patented,
> which is enough to stop us (OpenSSH) from implementing it. I think
> new KEX methods need a very good justification, since they represent
> a significant part of the pre-auth attack surface.

ECMQV is an optional element of RFC 5656.  We received expressions of interest for including this from some parties, and were aware of concerns like the one you raised, and as such went for making it an optional element.  

> Also on the -08 draft, shouldn't the client and server in ECDH reject
> public keys from the peer that are points at infinity? Are there
> other degenerate values to worry about?

RFC 5656 requires that all elliptic curve public keys be validated after being received, and cites the validation algorithm from Section 3.2.2 from SEC1, which for example includes rejecting the point at infinity.

Douglas