RFC 4253 possible errata

"Mark D. Baushke" <mdb@juniper.net> Wed, 21 June 2017 18:20 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38A9412943B for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 21 Jun 2017 11:20:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.09
X-Spam-Level:
X-Spam-Status: No, score=-4.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sMhp4SQlPuRf for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Wed, 21 Jun 2017 11:20:36 -0700 (PDT)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA664129468 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Wed, 21 Jun 2017 11:20:21 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id 0A4AB855D4; Wed, 21 Jun 2017 18:20:21 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 82C6F84D8D for <ietf-ssh@NetBSD.org>; Wed, 21 Jun 2017 18:20:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id MUGdHEfFcxBG for <ietf-ssh@netbsd.org>; Wed, 21 Jun 2017 18:20:15 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0723.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe44::723]) by mail.netbsd.org (Postfix) with ESMTP id B103284D7B for <ietf-ssh@NetBSD.org>; Wed, 21 Jun 2017 18:20:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=njzL2Cz9ubjzxX4oxmYyPp1adg/NX3kO1EYyt2Rf2/I=; b=IsrWh1fjcpAvQRezZwC4Cbva85Vj4i09ZJyDtxdiNslaX8BXB6HE0yFbgLMYrMkaMgofGkWQg8bYfNwvbG6ekHmdTvmNKtH2ABBz5CX5WSE+ytz8J0AXueO4WEuYrSDqRVIAZJb/Ku+s843Y8WWj5OidJmoDiMEdQddSjkvDlDc=
Received: from CY1PR05CA0033.namprd05.prod.outlook.com (2a01:111:e400:c5a4::43) by DM2PR0501MB1309.namprd05.prod.outlook.com (2a01:111:e400:3c1b::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1199.6; Wed, 21 Jun 2017 18:20:11 +0000
Received: from BY2NAM05FT034.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e52::203) by CY1PR05CA0033.outlook.office365.com (2a01:111:e400:c5a4::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1199.6 via Frontend Transport; Wed, 21 Jun 2017 18:20:11 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.15) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.15 as permitted sender)
Received: from P-EMFE01C-SAC.jnpr.net (66.129.239.15) by BY2NAM05FT034.mail.protection.outlook.com (10.152.100.171) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1157.20 via Frontend Transport; Wed, 21 Jun 2017 18:20:11 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by P-EMFE01C-SAC.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Wed, 21 Jun 2017 11:20:06 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v5LIK5Z9028932; Wed, 21 Jun 2017 11:20:05 -0700 (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id 59ED11144E; Wed, 21 Jun 2017 11:20:05 -0700 (PDT)
To: Curdle WG <curdle@ietf.org>
CC: SSH WG <ietf-ssh@NetBSD.org>, Eric Rescorla <ekr@rtfm.com>
From: "Mark D. Baushke" <mdb@juniper.net>
Subject: RFC 4253 possible errata
Date: Wed, 21 Jun 2017 11:20:05 -0700
Message-ID: <80212.1498069205@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.15; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(39860400002)(39400400002)(39840400002)(39450400003)(39410400002)(39850400002)(2980300002)(189002)(199003)(9170700003)(6306002)(2906002)(8936002)(2810700001)(105596002)(106466001)(4326008)(76506005)(5660300001)(7116003)(53416004)(50466002)(356003)(7126002)(7696004)(117636001)(110136004)(305945005)(47776003)(6266002)(77096006)(86362001)(7846003)(6392003)(81166006)(38730400002)(5003940100001)(53936002)(478600001)(966005)(54356999)(50986999)(54906002)(189998001)(8676002)(6916009)(55016002)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0501MB1309; H:P-EMFE01C-SAC.jnpr.net; FPR:; SPF:SoftFail; MLV:sfv; MX:1; A:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BY2NAM05FT034; 1:aFsPtKjrjun4HeqiStPt5foaCqkYETTSqxWW94Ful59/ZBPVAIAiJsdBdeem2/b/jQxz5DVQlVNKtpWe36NoSxTCF9sEQ5nYskKmv4CAI8jwD1ldg8Zcbhpzw/LHTP0HKceVRmLCG36nBItqIVasgAaIWmKi+nWSVhlGcqByDBt7wpyn7v4uSeDoLCvtPWGiz6zjNLOpwV5qJyHULFFmE/883yfE5jr1CjDB+dWH8CHwlqSP4a76Cu7AANTz45hEdCdouCVS7W6/hbIXYXP1vskjMcughfNZs7ZPxv66ja263+n1zUWPjdtijWKXtdmoQ3wgyDlWm9DjvUsgzGQuineP4fE/v7UfW2JYKQuSgxhifXUdRnTIWxr0P5isFZMWGxkb9zc6Gt3woDPM9tSyXZlnw/jsg0NHDbHrDU8U/44ZnXAyj4taNGd7BPVqpR1Z7KHIFffcs+bh57nK6MXL/n/S9ZHgi0KTqGkoQRpPtYz3TZuNlOs9MuBbTCdk/I5Js1uPQXnEr3jpSn9cQ6RLbxiTbRv3z3rCOByImHmRLDx3fsAfM8Z6nRPPTA8x8dbmnwWIUPx2r6KpJ4m8nDgArNu1AGG5FtkGF3m14pp3ae5kKImrRzDm4L3cHZ1sYlidZq0BFtkqc/Wklu0YHtGgjbUVAtKZeimfWxp277QHuQq7V+JvmGMLOHAoSDoZX/epY5F9FfX7+94WMa4RTpqB6RB/eddEH0kbnQfS4h5g3HsKvt3oOomKwlBW969PxAPHWvS6bLPsZ5lCA4eOuyGWxZ9/xTewTXbjzh+ODNsuD9Pm9v1UwZ1Bt4YKzJyFGpbcbeTR2Gyu+lxrDwrZD7MtqwmH6O7jIIoVs8I+7UQK6Fs=
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 27c7a0b5-cb50-49a7-d62f-08d4b8d227b6
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:DM2PR0501MB1309;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1309; 3:cc6l0txZwqTI/GsKn6x0KFiS6fh7JbkLF8v+e6dPwA1UuGUBaNsJrtbTxmHBJcRYhNRPNESezKm73GsIQCp0cd7Yqva0S53phOJAJwzTkuF14Ju/Kwg+ltq1C71dG3CqXFUT/V+bGqTXSOgOVpiAlUcAU+t3gOLXAWGk4QZcSw71P9Fj7eZjvn3mURXiHbprmNGPqx/ImEhIzOJM8FpoOKj6xNL3xMhRrj0wwZNUabKYlz+RG/5RjvVOfJ1CTKlYqrAthNPDNA7G1P6kgA6C4HV3aute1cRpa5dVgbWBzEZ5lIZ17WKLAu14l0SjwOjfYeDvybRTs80Os1dIsTH0YTblvcMArqelLefLgTCAl9/ApZrY1p9v3xgUOmTvFov5TouiVVcCN5tmlCMXNpo9+NKG9WSoSl2EOoBaFbmUlAgVSHAFvsdmtB+3PyE92e2K/zhWaAYKMCmxPqD3thFiwg==
X-MS-TrafficTypeDiagnostic: DM2PR0501MB1309:
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1309; 25:YY0+gQ7bpBXuFRmcrzFmyNo4iYymnJ9QZ/bjAxSp6z/U59wxUDtVO6/H56R3NTkUG49shWk/fYuIXtvF3UgHrPUWU8Q1bWNkjP4eyxHaA5J2Qi/SxubjKi/Ni4mcWr/Q/ehptW+h0oZoSlSHiz+FDYA7f1lBHmErGEthQI63u2tVOwXnhY1GUiI/O2+Zo1Wln+DJ5wx3E3Sm8nPNX5X2BV01lu3csC5t3RDtT6eRP32YI7tmWawj4MuTUWgXd1o438URQbzFPboy3SK2ySqthaNhIjwEZ177TGwgpBXudg2rPaoCR9r5AuFSU9BiOiScs5520xer6HBqv3+SGDE/goosuPNIAT3GPxltHcxaFiBo0mXf/gzw0qIwkziZtZTWQ3U/WSGToc0KwE+MnVCekcemK21v0rAs1oMLehwzvXAkBPaCMo/UOGY0MfHnyd1IaNCFDPwIw31SDothTIfZn/Kv7E03b9BjKlPgdPjln/acYpPVaWpXCKUXa8WEmz3+5RIy9oFWM7hkJM89x5auBsXwIP9CSpPmUlOFpv8bqts4g8+pX+UB4bQueJmPsXVZzfDnTNGVCzdb6G7wl5yVRyuEGIkdZEAP6RluNVCG9LLltrI7m1iCTaiBpWAwIr3j561ZQxrA0hqbHvRz/JH3ZHk4ecrG7G1+ly8mc/TMVOjE7mUE5jnVsfvhdcBy3FubeSvCR2FETf4xvD+Y72B1u3os09oP5qaCfz30d4Vy4uvWqeh3d2AM9k6HA/kI8s0GDze6t2YoZo1Ri+g4ambT1J3ZRsCkT7ZvemlrQ0Ucm0B6P1r5fluPugKTdHgVHBFEKZ2b8b37WFtcGPHd7yF7guDr4VeT6vab8AYheXjDiBugwG2FOyyxpQp6/fvbFkQEOYzjlmJZAbCGsR9EiAuQBmuxqaBL1uKfNDi3t7y0T5Q=
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1309; 31:LjR8KaFAJ6l3MH1tMTZ9OyHL8QCo9LbAIFX4iVcwnZ+yrWsRJIHSCsiErDrxYvOt3Ov17SnEc1D1DL3AFNmzgiGSWlDdA4U/9gnICqfQv1FGuak2JR8gWGnv8REoB/WJqYM5N7JmEmNZGS+KYAc+FfKzjP8KU4eQYkaQ5/li056uMcroAMlMmoKDhDwovGLAdW3ErESNJw0gp+T8F96uftBgOy118JiuijzWPPa4NqNdLXgwEmQo35Pa9hQO3SR72wrDa49A88ypp6DRC9YPPJWCdPVfY0dfBFVsS6yoWq/Digjg9UKpA+P0lJO8dTR1F97NPSWzmJ+TUnd4cJUcooib30TRFtetrX3n/kjsnSiSNQYeRC/ROduvHh2LvU8bKDoJRhNBPyUDD9amygSfcP95WWVNJHxhpI9wysVxi3wa7fqaAqzmW9FOrMIXbmKVU0URLVD/BM3uez6zDZAQf5nQ2CF+uszypg5hUf4lIuBypBxNwFLyqAkbXqbWHk4h+5PeEHvKbxb261cuHV3CQJeLb5wO2up/P4ZZ8DICFi4pwx6jooilw2BT2uf+BBt+Qmp6e9MyR/bx5/PB1xOcr0/shDgHP+Zs2tveZqDgsgc1PR7k8YHJanUzE2nG3AwuFwh7GahuJ6IEhkECjue0LAgKi/k3f3fjqI3a+cvtL2v+4V1MgQBgpeI6iiI6kyNe
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1309; 20:v6R8c9Wx3oslHNdbaRYsFuQqtKgewJzzgw5x964ubhlzH8vpxXZjFVMjCcM2c0VdjuTqHe+MZL+O/i4tWwc0Y6k7HZdb12RoHj4CgtwLGzqY8i5LhNv+B4XpGZ9zQNjx5AYAg0BZFZ1Vt6uaEFamOfCNv3cGQ1s8/9TohdOzzG9aVGEKQQloT70uvK9sVRErPJasRldAni3qN0jTOb1Z/CRHucXOIqh4g91rJPcsvMZ0CVC91go5RZ1+re8+fYq7wskoMJaMAjm4ReORGJPcm5zhnsg1NWbrhQTQLgsNvATSCWMaJjsOW0SrF5oW/7UK+BlLPeLdD4ucK8FhC6PBw22LomUKXmFr90u8VxSIqqvFgpY6XrQ+fcvmRp1hAQJqZEOeGgk/kdX17/8HDrZCyyaYR76hvnwmpsVH3F1QPhK6aUR4U1YNjNeHwxK13LWFWG1xZfev0AtMEsBjoWyKYg0TLuXRuGonDjncbhE95UpVXPuUqaYJJdjBtWtr0OXO
X-Microsoft-Antispam-PRVS: <DM2PR0501MB130940A38DC60E105D4E29B5BFDA0@DM2PR0501MB1309.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(158342451672863)(100405760836317);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(13018025)(8121501046)(5005006)(13016025)(10201501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(6055026)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123564025)(20161123558100)(20161123555025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM2PR0501MB1309; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM2PR0501MB1309;
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0501MB1309; 4:+kWpD5wawuHXE6OLMFJQqW8X3/5sXYLLyBss6Cy1?= =?us-ascii?Q?1Y/kg8bZnbkbR6FE0eXR+6vRaFhccMpYH9z6By2OFeYv+Wqu/6gmroahQqIn?= =?us-ascii?Q?zIARt7kaUUsMFf+g+S+n6f78uIu6RgAYkptbfr403hHx2ctI3onuC1IlQ158?= =?us-ascii?Q?+5oc+ue1j8g0bJZ0nOPKZ/Ko8pE0Rp3AdrqoSENJJmcDaZRKM0+NmEM+eb9F?= =?us-ascii?Q?5xuCAyKgPjM2ubFk06l9wcwifMH+iSId4bgMAmZOItA3bIKB5/4dUOekqPd3?= =?us-ascii?Q?SR/RqPFiUaZupw4aEWFtrrl5nE/wsIl0802ZnCIw99JOsmkIyFXzpoft8VJx?= =?us-ascii?Q?SWx6h/aF7MeFneVckseRqQ3NYS1pEzRepTf1zYa4CXKL/Z0XjVfecFAbDngN?= =?us-ascii?Q?sFyCw2xsKmWRDnN8nsYpVIqj22It6P4EtFQuAsEQNKp4zGyFniV5xi+MMhjp?= =?us-ascii?Q?VdqgKJnepCWy6i3F48B8Zbsnw3jVambph2LiHnOiATzBtC9EieN6nYdPqivB?= =?us-ascii?Q?2Dexs63FXSrSe2ciULrTpxL9ezIPOsDWoYm25YqSIHpEK0AOdBcoX49xyS/I?= =?us-ascii?Q?1Hoqztsjz+yuaG0whov3htBWvqFzRtXj0M0/Rkk5gI7QSJTYs8i22+cA1Csv?= =?us-ascii?Q?wj6KvFWyXM2OnGfwu/ppe78UdevP2Oq3jn4yFJHuD8lHx41ieqcKqvbvW4Ct?= =?us-ascii?Q?PGrlT5G9ly3V1QymoNwjUo7kJVTOoXmKw67G1y3eVq7FFnXrw1TcGAvswWQB?= =?us-ascii?Q?1JyKYDHZPIZxDXOCWSO+XNVgWQvh/j2tUvEkE5SKs4z1NrB3RlqvmDSkuS1U?= =?us-ascii?Q?GeiRaQzJFNj5kfeGAo3YhXHVauxEixLKBh/XjQGnyaL8ZRuYCpqk/cSkvSpH?= =?us-ascii?Q?fFPT+Nmh2s2u3cB7+wF6WbJbDFWcH4QcPAUvs63AVK4tWjOYx8rgIPxa/94f?= =?us-ascii?Q?v+LlMjRjhQj1DEeU1zyVpzmggGBMQhhcv9fdVhBdZv/UwkX4Jc0W8gbk5gcq?= =?us-ascii?Q?t+bdKCALauvjqdokvcIDUqr7omaSgJD8scEzeGBwDc/7wO/nG78ZHNFFxu2w?= =?us-ascii?Q?Idx88ZeAjA6Wi38Ku4UdSMha2ViIIdcOjTdWoMw1Bd3wvCEWpi6/Pzrz94j4?= =?us-ascii?Q?X2hW3aIi66UMz0WqNSaTxomTZd1YRNC/BGufYVftRpsvpPkRAkurI+5WUpHi?= =?us-ascii?Q?Z0u8cUMBfGhXYDrpNnbdFwTNtw7sIeBHq5ycVF7VzVJzSOlfatxM+U0PUWeM?= =?us-ascii?Q?oyPJ6zW7OKjYr0mwxBp6ybPzzcbprd5cTWWAelNK?=
X-Forefront-PRVS: 0345CFD558
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0501MB1309; 23:PwsmVqBjwIYTZlif2+PD+vz7j/5WKoky7eRDHjX?= =?us-ascii?Q?8STG1To21owT2EzAOQpPSCNQK1Zm95ht8YgxamGjg0nxfT9PCQKZw3kOjTA3?= =?us-ascii?Q?mJ0lumvKOVkMC201RukysRvnwW0efVQdoJCP/M6pDyNhZxn3kNY900TDeJ+8?= =?us-ascii?Q?r/fxvyr3Pg6bZaN5dMm0J9UxBvJHN5jxe9cK0e2BMujBMI4r9UCg/VDYB6LW?= =?us-ascii?Q?8ZDS8yqkx9PdTFr6yoa+pI/IDXdnBu8DME+EvIDC4hpny+fJ3sH/CY8GUCnv?= =?us-ascii?Q?EJSTPCqmtWkSUdVRJEc370MwRhEkGN4dl2L7wz38IgJBRUQIcMvJgTCGW0oj?= =?us-ascii?Q?UIiXY/3MHn36+KKjughu5mVKxgZWT/xsL5stETcIeE0cJO05ja8es0ya4FxR?= =?us-ascii?Q?nt1mcNd/qi7HlSM/HBJK/0016dZKdWFvjC7fAGBKtdZGdLjZ9sDpsHn2vOT2?= =?us-ascii?Q?G66JQQY/k80UtFWQwFpzQNuufqLYQVzgt+G1mJcVhPPxRnBdUYqAS+5la0vc?= =?us-ascii?Q?l6PHpX5JxDTEnrVq2+/WTzN4moULzDsfMSCidd0E3o2PqeIEwRj982GYSBqV?= =?us-ascii?Q?l/EH0VDRtRH7vzXTMgrfFFOZMo5L5lRSMTMdNv+P4ADTRcnlSaPsktlbtmju?= =?us-ascii?Q?7mRCbxmtyLo0hPgAPU3eVcTOojA60/5fqOHFq0AS3safRHBOv0aA08A/q5qf?= =?us-ascii?Q?JbGTGFN13ssHTvKC7XLDkeMc6FEh8W3GNPyU6qfIsvBSW73XbBOJ7/eXEEim?= =?us-ascii?Q?BdjVjLIIRJ5mvEVkm80qsnuxCXtnnxZu8dwxoT0sAZG22JZSTZsm3vohEtS7?= =?us-ascii?Q?nJOndJ44xt0y/lhadMLahGz+1XR8BqZ9a6ld71GyFctDacFVHL+0JHyFOzsy?= =?us-ascii?Q?uv+CqGlChyLk5PIxLt4fH8os8HC9aJQqpMrRhczCAS28RpEZDC41Qs0492vV?= =?us-ascii?Q?oabYPeCO+vdcVqMDLdcS/b95a1fWhups9j1u6i3puJrCF+8HsplhB4IpC0jA?= =?us-ascii?Q?GZkd7yPmePmHWxe4OkNRdFvPirxnHzhu6Gv+94kCw07ZP5oWvpKSlagxSn25?= =?us-ascii?Q?pljuV2H1VtH/gi0XEoa9gTwmrSSOopUFk2prZNC6KQhyecxF/ntpQeSqtFbR?= =?us-ascii?Q?3Fq6ceMdDaYvb+NtsUSMXFF6STs3jY/Wp6HULVVMPFI5340ueIrKzBf6atlt?= =?us-ascii?Q?1aoId9BJTEa55uZy16jq1VrlHfxXHGEXDfqpo?=
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM2PR0501MB1309; 6:WWI+u6q6pAa2wyQSvLEh9kWMiRt2ik44dyaweJSU?= =?us-ascii?Q?rkjIww3fibTJfAEgJP/5UzfbPPKA6kXHXBJnJU/9Jdhd4+ELL30fQfWolIvD?= =?us-ascii?Q?SIesH5JpXto9t8/G1zpyyVp4EziEZNZ7gsQUZIpIuStoidRkXO0ZnQBfaxN9?= =?us-ascii?Q?K3flfk/ngLPisfK1CYf6vaVfUmeVO92TBON5KdF4N+PJ4I1/u0mQSlWBydOg?= =?us-ascii?Q?GK6guhsAwzWFws5pNNjRP3d60eoWoZbl2aHvLb4+iXrobss7PCn4iw0XEWlC?= =?us-ascii?Q?JLNDm89hABBb9SjI5YfKzs1vCVHEBqtSFcVKZ/L/00fhRTDQV5dx9yfC3PLf?= =?us-ascii?Q?R8fidYn4ngPgul6aItAYA86M2oOGJ4HpCc5b/Xb74Pqz+AYJlhWS9CNSbtNE?= =?us-ascii?Q?A3e/AEZPnsTDs/slNQWNeLmkhbT+4EETAv1ksl9JBB/WltTjuKdfFwZH86kD?= =?us-ascii?Q?R5rGP5PyFxK7jv9k/loXsQfZz8crKNC+7XC51O/8j+39I79CzdVbd/V+zSvm?= =?us-ascii?Q?++b0yqC4iWchnOyJnX0LcNmbQTI5N+jIfll6VBhq4d+phQnXEmvF1MtlfaBK?= =?us-ascii?Q?DUwZKb7caZ7jlwxJuLnndHZdXJJOa2xlxwbN/StruMEKDBEQtagT2KSMLpqf?= =?us-ascii?Q?gYHQE9VKhRD6+2nWS5kiFfPFzLZmVWZq8Q/0ogk+rr3z6qmrgzNaRJJNlz5+?= =?us-ascii?Q?SkRxep2lHyky4SRBnXH+IgJsjBTnxglfMFwpt8p8MbcL5EpLu71EB/UW1LEn?= =?us-ascii?Q?8kB4VAx6cQmXmSsd/BjjtfGOQe/UiZbzhCDWmAMjXYlCJRtfOSdVliu/GjOF?= =?us-ascii?Q?xWW+fhpGt8qRObZ4Y+EoyJ6+OX9dqnn7gvD0/2lS4E+qPQAd3xj5Mp8wRwnS?= =?us-ascii?Q?eGmXYLez6fS0lhGyQxnWZGK12jQrjfcrb0CscU15V/h7oKxc21oVQsw7QztI?= =?us-ascii?Q?pXDdlazAZp19AfC1hTkxNp+nuadPwlj9HeeSKwJhXegNB3QPrL+1eWTKyxAX?= =?us-ascii?Q?floNnn6KOODY3NAL+7saHBet?=
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1309; 5:cNt9aSQYllaYUsS7ulUHywFWzHPfdlBkzKvY0YuGnxqkfEGVmcZQinFfgGtRFABKZZOS2samXU6O6EEtfOQn0hx4biEAEKAwvIwXIJ7yN6tQucFpJ9eLc4ioIMB7CVTrf/JBwvmf7DfNwP5U9GeyPG2nLyCLYFM7td1LSJIY6SlW55/kggGoc3QvcVQy+7DwmOBTb002WOXB2mVCDvuUkfxV7oypNIUf1vn3XFb3ZVrmQn2DNN1yn7kC8mf5v++I3HQGpjcRHe0+tm/oyXZFc50jbAPfAiDXdczrlcw1XZUTNNWhCAqx388xCXi1GnJU1h3apgdcn65AVSceOJ4fvgb0dq7xi7Sld7W5KPz+Qti6DPBNvU25vj82mkXiYL8B3Q+fA9vqRB5I59h9LrN0KVqY2iflzshQQGHwqLA1H3czE1O/XcLk66jvdCDeW5ZcT7zGKAfN+01U4q0Saul+HY88jlGqCXOuo5npzsStS6GkillrvNeP6Gt1xipVgHNT; 24:Rp8IVUsFQhvaFiLKowhaX5aDJloZcfhM/hUkS4fF/OVmJKrJ5oCHQUu8hlkBdOpiY7/z9pkPxU9OLJBP+fw/kJVqOwjV4JWXCzhZalQhXl0=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; DM2PR0501MB1309; 7:2tK6xT87LS3BhrNRriv4gFExmmYahPDsGM59rE2qUq6VeBRfGSNVHutpxwg6MH2FblwzHN9MxWcsEz7G16byDnJAU0Kn2SOS/3OiLx5i3bev+ly2BMHdbfiVmm7CauEQJfbhA/zQwQAKrrsmN5h10/sUvVaJq0mZBwmEUBSxs7gYhhYW1Ywb9oohm83uA+64C3sgp6c17i8PWxvtudnY8HdBk6aDRA+F4OQRT41FNm1seKUjPkmE3FhBA00i1mm8V+iakewnItTrb0tToHc/7zgPP8tmiowHN/hn6SHL6kG1+S1lj3v2tgcF1D5qORoGCEC7zzFbO+v7eLmBwr4EgPqhGpv6qBrIofaIQXs3O1Mz3/oatZz7/uZvFXRqAgi8V6fr/P502yeFnehhWS0BTvYv0Z1Yp8582rzRwpQmJUe91KyZp6YHUjYZqI/E4cGd2ODsaAmXS9c2Qi4URzmWKF9kt6jdmM73PT2cPuatMibelJXgtVGSk5HUabTdDv4+wfNHN+uNbYVesZQt4CbKzae/jLANNtXf/IEJsFnihFxUTi3TDSN1o5dHjUVI4YScowSrARG5jxqsB1T5cCa7EDcUKEPNGXc/uwFRhz4j/EoWerPPynWOJ72+7tf8UlR6QH4PHteiKMzwVv3feQeZz+xGPTJ8cZ+cTMrjPRt1FbSQWekfJCJ2inH+h45lPSG8X9Ce5HNBWMmt5X5+AfDojpFvY4ALynN7FsqYexWBdKZXi91lNSc39DAawT1WhldjcpPRWjA+863h5R2IGmMF8nWQvEqSKx/oGiRq0yOfWJ4=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jun 2017 18:20:11.2675 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.15]; Helo=[P-EMFE01C-SAC.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0501MB1309
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20ietf-ssh&body=unsubscribe%20ietf-ssh>

Hi Folks,

While working with the IETF AD Eric Rescorla <ekr@rtfm.com> doing the AD
review of draft-ietf-curdle-ssh-modp-dh-sha2, the topic came up of
validation of the Diffie-Hellman public key on both client and server
(peers).

The RFC 4253 Section 8 writes:

|8.  Diffie-Hellman Key Exchange
|
|   The Diffie-Hellman (DH) key exchange provides a shared secret that
|   cannot be determined by either party alone.  The key exchange is
|   combined with a signature with the host key to provide host
|   authentication.  This key exchange method provides explicit server
|   authentication as defined in Section 7.
|
|   The following steps are used to exchange a key.  In this, C is the
|   client; S is the server; p is a large safe prime; g is a generator
|   for a subgroup of GF(p); q is the order of the subgroup; V_S is S's
|   identification string; V_C is C's identification string; K_S is S's
|   public host key; I_C is C's SSH_MSG_KEXINIT message and I_S is S's
|   SSH_MSG_KEXINIT message that have been exchanged before this part
|   begins.
|
|   1. C generates a random number x (1 < x < q) and computes
|      e = g^x mod p.  C sends e to S.
|
...elided...

|   Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
|   sent or accepted by either side.  If this condition is violated, the
|   key exchange fails.

...elided...

The z in range [1, p-1] notation, specifies a closed interval which
includes the end points which is equivant to 1 <= z <= p-1. The (1, p-1)
notation specifies an open interval which excludes the endpoints 1 < z <
p-2.

Eric noted that https://tools.ietf.org/rfcmarkup?rfc=7919#section-5.1
uses open endpoints.

Eric suggested that my draft should include text that is similar to the
ext in the RFC 7919 to correct this errata.

Before I make such a change, I wish understand if what folks have been
using for the test in their implementations and get a consensus on such
a change.

	Thank you,
	-- Mark