IETF Logo Mail Archive

Re: Feedback on draft-igoe-secsh-x509v3-01

Joseph Galbraith <galb-list@vandyke.com> Tue, 30 March 2010 16:56 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7E2C43A686A for <ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com>; Tue, 30 Mar 2010 09:56:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.425
X-Spam-Level:
X-Spam-Status: No, score=-0.425 tagged_above=-999 required=5 tests=[AWL=0.555, BAYES_05=-1.11, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HlzBgC-JNOEV for <ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com>; Tue, 30 Mar 2010 09:56:20 -0700 (PDT)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe52:9ab6]) by core3.amsl.com (Postfix) with ESMTP id 4E3993A67F3 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Tue, 30 Mar 2010 09:56:20 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 0) id B7CB663B11A; Tue, 30 Mar 2010 16:56:41 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: from vandyke.com (mail.vandyke.com [216.184.10.33]) by mail.netbsd.org (Postfix) with ESMTP id CDB8563B100 for <ietf-ssh@netbsd.org>; Tue, 30 Mar 2010 16:56:39 +0000 (UTC)
Received: from [192.168.1.193] (account galb [192.168.1.193] verified) by vandyke.com (CommuniGate Pro SMTP 5.0.9) with ESMTPA id 6392532; Tue, 30 Mar 2010 10:56:38 -0600
Message-ID: <4BB22D46.9070600@vandyke.com>
Date: Tue, 30 Mar 2010 10:56:38 -0600
From: Joseph Galbraith <galb-list@vandyke.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.8) Gecko/20100227 Lightning/1.0b1 Thunderbird/3.0.3
MIME-Version: 1.0
To: "Igoe, Kevin M." <kmigoe@nsa.gov>
CC: ietf-ssh@NetBSD.org, Douglas Stebila <douglas@stebila.ca>
Subject: Re: Feedback on draft-igoe-secsh-x509v3-01
References: <80F9AC969A517A4DA0DE3E7CF74CC1BB034A13@MSIS-GH1-UEA06.corp.nsa.gov>
In-Reply-To: <80F9AC969A517A4DA0DE3E7CF74CC1BB034A13@MSIS-GH1-UEA06.corp.nsa.gov>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

On 3/30/2010 09:01, Igoe, Kevin M. wrote:
> Good suggetions.  Given the existing SSH UserAuth
> SSH_MSG_USERAUTH_REQUEST
> and SSH_MSG_USERAUTH_SUCCESS/FAILURE protocol specified in sction 7 of
> RFC 4253, 
> the best we can do is mitigate the need for many rounds of REQUEST &
> FAILURE 
> messages.  Your suggested text addresses that quite nicely.
> 
> I'd like to soften the "Verifiers MUST" in the second paragraph to
> "Verifiers SHOULD".  Some ssh servers are restricted to a very 
> limited set of authorized clients.  In such a case, these users may
> have been issued certs specifically for this site. The server
> need only deal with the signature algorithms used in these certs, 
> eliminating the need to support a broad spectrum of signatures.

Are you talking about a client/server combo specifically
implemented only to work with each other, or are you talking
about a generic client/server combo configured in a specific
way?

If it is the former, then they needn't comply to any standard.

If it is the latter, I'm pretty sure that MUST/REQUIRED doesn't
actually apply to site policy... so even if the draft says MUST,
site policy can still disable a feature (like the required key
exchange or encryption algorithms.)

Basically, in terms of interoperability, if we allow one
peer to send something, then it seems like we have to require
the other peer to be able to parse it.

Note that the proposed language doesn't require that the
request succeed, only that the  verifier MUST be prepared
to receive such requests (and in fact the next sentence
predicts increased failure rates for such requests.)

All that said, if you feel strongly about SHOULD instead
of MUST, I'm not going to run screaming from the room :-)

Thanks,

Joseph

>> -----Original Message-----
>> From: ietf-ssh-owner@NetBSD.org 
>> [mailto:ietf-ssh-owner@NetBSD.org] On Behalf Of Joseph Galbraith
>> Sent: Monday, March 29, 2010 1:21 PM
>> To: ietf-ssh@NetBSD.org
>> Subject: Feedback on draft-igoe-secsh-x509v3-01
>>
>> I just did a quick read-thru on this document and it looks 
>> pretty good.
>>
>> However, this paragraph from Section 2 was confusing:
>>
>>>  o  The individual certificates in the certificate chain MUST be
>>>       signed using only algorithms corresponding to public key
>>>       algorithms supported by the peer.  The choice of signature
>>>       algorithm used by any given certificate is independent of the
>>>       signature algorithms chosen by other certificates in 
>> the chain.
>>>       However, verifiers SHOULD be prepared to receive certificate
>>>       chains that do not comply with this (in other words, using any
>>>       signature algorithms), and MAY verify a non-compliant chain if
>>>       they are able to do so.
>>
>> First off I think "MUST be signed using only algorithms" 
>> conflicts with "verifiers SHOULD be prepared" (or at least is 
>> confusing.)
>>
>> And secondly, as I noted before, we really don't have a good 
>> indication of what algorithms the peer supports.  We know 
>> what algorithms the server has a hostkey for and what 
>> algorithms the client is willing to accept as a hostkey.  But 
>> we don't actually know what algorithms either side supports 
>> for publickey authentication.
>>
>> I would suggest this paragraph be rewritten as something similar to
>> this:
>>
>> o The only algorithms that can be guaranteed to be supported
>>   by the peer are those that were listed in
>>   "server_host_key_algorithms" of key exchange (See RFC 4253,
>>   Section 7.1, "Algorithm Negotiation").  Where possible, the
>>   individual certificates in the certificate chain SHOULD be
>>   restricted to the algorithms listed in "server_host_key_algorithms";
>>   however, other algorithms are permitted.
>>
>>   Verifiers MUST be prepared to receive certificate chains that use
>>   algorithms that were not listed in "server_host_key_algorithms",
>>   and indeed potentially algorithms that have no ssh equivalent.
>>   Such chains are more likely result in a failure than a chain
>>   which uses only the algorithms listed in 
>> "server_host_key_algorithms"
>>
>> Thanks,
>>
>> Joseph
>>

v2.23.0 | Report a Bug | By Email