RE: SSH v3?
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 05 December 2015 23:37 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62B0F1AC3D3 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sat, 5 Dec 2015 15:37:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.61
X-Spam-Level:
X-Spam-Status: No, score=-1.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pJFQT2jW56Vq for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sat, 5 Dec 2015 15:37:24 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7B8B1AC3CD for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Sat, 5 Dec 2015 15:37:24 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id E79B885F05; Sat, 5 Dec 2015 23:37:23 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id A717985EFC for <ietf-ssh@netbsd.org>; Sat, 5 Dec 2015 23:37:21 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id RJpBygd0FRGn for <ietf-ssh@netbsd.org>; Sat, 5 Dec 2015 23:37:21 +0000 (UTC)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id AB0A685E57 for <ietf-ssh@netbsd.org>; Sat, 5 Dec 2015 23:37:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1449358641; x=1480894641; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=WTY/RBuItMVVnxtxN2vqssR0wUJfiFex6Vj7U0qbEQc=; b=weMcs/QG/ieKKcMJqmQYSN0bJyRVrX0SOmy29WhtthbFOX4RMZwQZosX CuptkkfvQ/8V9h9tk5UtP/elS9qHNVMiHvg5f/7kuMgnm2SqfQQQFQ5ga Yg3Ib+638s5tpDdBRKwvH6/FJ8YykSnvZ9PW0pOG3x+v4nB2GoEsbqvgt 2qB9D/SSpkR2bgZDN2IC7yvdzkQLIPvkmlc4Bwb63psZYDkyq7ePbJ6Ss SXufGvFw113bEHl8Ao6iNCWcn739wjBcXStVRpiE6VGFazPdv/cH2M7H3 9ajrr2X3ronqSgf19csF2Mq0s6WPp+XRr3IROFK+/kFGcsZz0ylxY5fP/ g==;
X-IronPort-AV: E=Sophos;i="5.20,387,1444647600"; d="scan'208";a="57771195"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxchange10-fe2.UoA.auckland.ac.nz) ([130.216.4.106]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 06 Dec 2015 12:37:18 +1300
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.153]) by uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id 14.03.0266.001; Sun, 6 Dec 2015 12:37:18 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: denis bider <ietf-ssh3@denisbider.com>, Niels Möller <nisse@lysator.liu.se>, Damien Miller <djm@mindrot.org>, Simon Tatham <anakin@pobox.com>, Simon Josefsson <simon@josefsson.org>, "ietf-ssh@netbsd.org" <ietf-ssh@netbsd.org>
Subject: RE: SSH v3?
Thread-Topic: SSH v3?
Thread-Index: AQHRLIbka1dVWM0hO02hXU7458W5dZ69EmeR
Date: Sat, 05 Dec 2015 23:37:17 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4B9B36D@uxcn10-5.UoA.auckland.ac.nz>
References: <1537810400-3144@skroderider.denisbider.com>
In-Reply-To: <1537810400-3144@skroderider.denisbider.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
denis bider <ietf-ssh3@denisbider.com> writes: >TCP is neither reliable, nor secure. Its weaknesses break SSH sessions beyond >recovery. It's the single biggest weakness of SSH in practice. TCP is good enough for most purposes. SSH's initial purpose was to replace telnet and FTP, which a TCP-based mechanism does admirably. It's only when SSH2 tried to also be a VPN that problems arose. So for people using it for its initial purpose, it's just fine. Another problem with switching to UDP is that you now have to emulate TCP's reliable transport using UDP. Your SSH implementation needs to reinvent a lot of TCP just to work, which is a lot of pain and complexity to deal with. Not to mention that every single new implementation gets to make all the mistakes that have been bred out of TCP stacks over the last 20-30 years all over again. (I don't really have anything against an option to do SSH over UDP if people want to, which means you've now got SSH trying to compete with both IPsec and DTLS, but I don't want to see it made mandatory. Approximately, oh, 100.0% of my users use SSH as a secure telnet and FTP, not a VPN). Peter.
- Re: SSH v3? Niels Möller
- Re: SSH v3? Niels Möller
- Re: SSH v3? Bryan A Ford
- SSH v3? denis bider
- Re: SSH v3? denis bider
- Re: SSH v3? Bryan Ford
- Re: SSH v3? denis bider
- Re: SSH v3? denis bider
- Re: SSH v3? denis bider
- RE: SSH v3? Peter Gutmann
- RE: SSH v3? Peter Gutmann
- RE: SSH v3? Peter Gutmann
- Re: SSH v3? Stephen Farrell
- Re: SSH v3? Stephen Farrell
- Re: SSH v3? Olivier Bonaventure