Re: Feedback on draft-ssh-ext-info-00
denis bider <ietf-ssh3@denisbider.com> Sat, 05 December 2015 18:09 UTC
Date: Thu, 03 Dec 2015 02:06:28 +0000
Subject: Re: Feedback on draft-ssh-ext-info-00
From: denis bider <ietf-ssh3@denisbider.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Markus Friedl <mfriedl@gmail.com>, Damien Miller <djm@mindrot.org>
Cc: ietf-ssh@netbsd.org

Presence of "rsa-sha2-256" as a host key signature algorithm cannot reliably serve as an indicator for user authentication, because it requires the server to actually have an RSA host key.

The server might only have an ECDSA host key; but may still accept and prefer "rsa-sha2-256" signatures for client authentication.

Or the server might have an ECDSA host key, and NOT accept "rsa-sha2-256" for client authentication, but instead require "rsa-sha2-512".

----- Original Message -----
From: Peter Gutmann
Sent: Wednesday, December 2, 2015 17:14
To: Markus Friedl ; ietf-ssh@netbsd.org
Cc: Damien Miller
Subject: RE: Feedback on draft-ssh-ext-info-00

Markus Friedl <mfriedl@gmail.com> writes:

>I'm in the process of implementing draft-rsa-dsa-sha2-256-03 and welcome a
>way for signaling SHA2 support to the client for userauth,

Doesn't the presence of "rsa-sha2-256" do this? The client proposes it, and if the server supports it, they indicate via the algorithm string. It's pretty much independent of draft-ssh-ext-info-00 (I know it specifies "server-sig-algs", but it seems that specifying "rsa-sha2-256" was already sufficient to indicate this).

Peter.
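
The two server cases described at the top of this message, as an added example that is not part of the original thread or of any SSH implementation: a client picks its RSA user-authentication signature algorithm from "server-sig-algs" when the server sends it, and otherwise has nothing to go on when the server only has an ECDSA host key. The message number 7 and the name/value string layout follow the extension mechanism as later published in RFC 8308; the function names, the sample payloads and the "ssh-rsa" fallback are assumptions of this example.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number as published in RFC 8308 (assumed here)

def build_ext_info(exts):
    """Encode a constructed server EXT_INFO payload (sample input only)."""
    out = bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", len(exts))
    for name, value in exts.items():
        for field in (name.encode(), value.encode()):
            out += struct.pack(">I", len(field)) + field
    return out

def parse_ext_info(payload):
    """Return {extension-name: raw value}, rejecting truncated input."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not a complete SSH_MSG_EXT_INFO")
    (count,) = struct.unpack_from(">I", payload, 1)
    pos, exts = 5, {}
    for _ in range(count):
        pair = []
        for _ in range(2):  # each extension is string name, string value
            if pos + 4 > len(payload):
                raise ValueError("truncated length field")
            (n,) = struct.unpack_from(">I", payload, pos)
            pos += 4
            if pos + n > len(payload):
                raise ValueError("truncated string")
            pair.append(payload[pos:pos + n])
            pos += n
        exts[pair[0].decode("ascii")] = pair[1]
    return exts

def pick_userauth_sig_alg(client_prefs, kex_host_key_algs, ext_info=None):
    """Choose the RSA signature algorithm for publickey auth: (alg, source)."""
    if ext_info is not None:
        exts = parse_ext_info(ext_info)
        if "server-sig-algs" in exts:
            offered = exts["server-sig-algs"].decode("ascii").split(",")
            chosen = next((a for a in client_prefs if a in offered), None)
            return chosen, "server-sig-algs"
    # Heuristic the message argues against: infer from host key algorithms.
    guess = next((a for a in client_prefs if a in kex_host_key_algs), None)
    return (guess, "kexinit-guess") if guess else ("ssh-rsa", "fallback")

PREFS = ["rsa-sha2-256", "rsa-sha2-512", "ssh-rsa"]
ECDSA_ONLY = ["ecdsa-sha2-nistp256"]  # server has no RSA host key
# Constructed servers matching the two cases in the message:
ACCEPTS_256 = build_ext_info({"server-sig-algs": "rsa-sha2-256,ssh-rsa"})
REQUIRES_512 = build_ext_info({"server-sig-algs": "rsa-sha2-512"})
```

With an ECDSA-only host key list, the host-key heuristic never sees an RSA algorithm name, so the client cannot distinguish the two servers; the "server-sig-algs" value separates them.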