Re: Feedback on draft-ssh-ext-info-00

nisse@lysator.liu.se (Niels Möller) Tue, 15 December 2015 08:45 UTC

From: nisse@lysator.liu.se
To: denis bider <ietf-ssh3@denisbider.com>
Cc: Matt Johnston <matt@ucc.asn.au>, Damien Miller <djm@mindrot.org>, Markus Friedl <mfriedl@gmail.com>, ietf-ssh@netbsd.org
Subject: Re: Feedback on draft-ssh-ext-info-00
References: <420676586-2960@skroderider.denisbider.com>
Date: Tue, 15 Dec 2015 09:44:56 +0100
In-Reply-To: <420676586-2960@skroderider.denisbider.com> (denis bider's message of "Mon, 14 Dec 2015 00:27:44 +0000")
Message-ID: <nnmvtcje2f.fsf@armitage.lysator.liu.se>

denis bider <ietf-ssh3@denisbider.com> writes:

> This is what I would prefer also. However, as far as I've understood,
> it's not what Markus implemented for OpenSSH.

And to be clear, the problem with that way of doing it is that the
client has no way to know reliably whether or not to expect
SSH_EXT_INFO, and in particular, to know it *before* deciding what to
put in its SERVICE_REQUEST.

I think it's desirable to be able to know whether or not the peer is
going to send SSH_EXT_INFO, even if I don't agree at all with your
dislike for SERVICE_REQUEST.

One scenario where it matters is if we define an extension that lists
which services the server is offering.

> However, it would be counter-productive to knowingly specify behavior
> different from this major implementation.

I wouldn't put it that way. I'd say that we should strive for consensus,
and it's pretty important that our consensus includes the openssh
folks.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
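The ordering problem Niels describes, as an added toy model (not code from the draft, from OpenSSH, or from anyone in this thread): the client has to choose the service name for SSH_MSG_SERVICE_REQUEST right after NEWKEYS, and whether it can wait for SSH_MSG_EXT_INFO first depends on whether the server's KEXINIT reliably tells it that EXT_INFO is coming. The model assumes an indicator name "ext-info-s" in the server's kex_algorithms (the name follows the later RFC 8308; what draft-00 promised is exactly what the thread disputes), a hypothetical, unregistered extension "services-offered@example.com" for the "which services does the server offer" scenario, and constructed service names. There is no crypto or framing; the message numbers are the standard ones from RFC 4253 and RFC 8308.

```python
"""Toy model: can a client know, before sending SSH_MSG_SERVICE_REQUEST,
whether SSH_MSG_EXT_INFO is going to arrive?  Not real SSH: no key
exchange, no crypto, no packet framing, only message ordering."""
from dataclasses import dataclass, field
from typing import Any, Dict, Iterator, List, Optional, Tuple

# Message numbers from RFC 4253 / RFC 8308.
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_EXT_INFO = 7
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21

# Assumed indicator in the server's kex_algorithms meaning "I will send
# EXT_INFO right after my NEWKEYS" (name as in the later RFC 8308).
EXT_INFO_INDICATOR = "ext-info-s"
# Hypothetical, unregistered extension listing the services the server offers.
SERVICES_EXT = "services-offered@example.com"


@dataclass
class Msg:
    sender: str                     # "S" (server) or "C" (client)
    msg_type: int
    body: Dict[str, Any] = field(default_factory=dict)


def server_after_kex(promise: bool, send_ext_info: bool,
                     services: List[str]) -> List[Msg]:
    """Server side: KEXINIT, NEWKEYS, optional EXT_INFO; after that the
    server blocks waiting for the client's SERVICE_REQUEST."""
    kex_algs = ["curve25519-sha256"] + ([EXT_INFO_INDICATOR] if promise else [])
    out = [Msg("S", SSH_MSG_KEXINIT, {"kex_algorithms": kex_algs}),
           Msg("S", SSH_MSG_NEWKEYS)]
    if send_ext_info:
        out.append(Msg("S", SSH_MSG_EXT_INFO, {SERVICES_EXT: list(services)}))
    return out


def client_run(server_msgs: List[Msg], preferred: List[str],
               trust_indicator: bool) -> Tuple[List[Msg], Optional[str], str]:
    """Client side.  Returns (wire transcript, chosen service, outcome), where
    outcome is "informed", "guessed", "late-ext-info" or "deadlock"."""
    transcript: List[Msg] = []
    it: Iterator[Msg] = iter(server_msgs)
    expect_ext_info = False
    for m in it:                    # read up to and including the server's NEWKEYS
        transcript.append(m)
        if m.msg_type == SSH_MSG_KEXINIT:
            expect_ext_info = (trust_indicator and
                               EXT_INFO_INDICATOR in m.body["kex_algorithms"])
        if m.msg_type == SSH_MSG_NEWKEYS:
            break

    offered: Optional[List[str]] = None
    if expect_ext_info:             # the server promised EXT_INFO: wait for it
        nxt = next(it, None)
        if nxt is None or nxt.msg_type != SSH_MSG_EXT_INFO:
            # Server waits for SERVICE_REQUEST, client waits for EXT_INFO.
            return transcript, None, "deadlock"
        transcript.append(nxt)
        offered = nxt.body.get(SERVICES_EXT)

    if offered is None:             # decide blind: first preference
        service, outcome = preferred[0], "guessed"
    else:                           # decide knowing what the server offers
        service = next((s for s in preferred if s in offered), None)
        outcome = "informed"
    transcript.append(Msg("C", SSH_MSG_SERVICE_REQUEST, {"service": service}))

    for m in it:                    # whatever the server sent that we did not wait for
        transcript.append(m)
        if m.msg_type == SSH_MSG_EXT_INFO and outcome == "guessed":
            outcome = "late-ext-info"   # arrived after the decision was made
    return transcript, service, outcome


def wire_order(transcript: List[Msg]) -> List[Tuple[str, int]]:
    """(sender, message number) pairs in wire order, for inspection."""
    return [(m.sender, m.msg_type) for m in transcript]


if __name__ == "__main__":
    prefs = ["experimental-service@example.com", "ssh-userauth"]  # constructed
    cases = [("reliable promise, kept", True, True, True),
             ("no promise, EXT_INFO sent anyway", False, True, True),
             ("promise broken", True, False, True),
             ("indicator not trusted", True, True, False)]
    for label, promise, send, trust in cases:
        t, svc, res = client_run(server_after_kex(promise, send, ["ssh-userauth"]),
                                 prefs, trust)
        print(f"{label:34} -> {res:14} service={svc} order={wire_order(t)}")
```

Only the first case lets the client pick a service the server actually offers; with no reliable promise the client either guesses and sees EXT_INFO arrive after its SERVICE_REQUEST is already on the wire, or, if it waits on a promise that is not kept, both sides block.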