Re: Fixing exchange of host keys in the SSH key exchange
"denis bider \(Bitvise\)" <ietf-ssh3@denisbider.com> Tue, 28 March 2017 05:38 UTC
From: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Mouse <mouse@Rodents-Montreal.ORG>, ietf-ssh@NetBSD.org
Subject: Re: Fixing exchange of host keys in the SSH key exchange
Date: Mon, 27 Mar 2017 15:18:10 -0600
That sounds like a good idea. I would be interested to follow and participate. The obstacle seems to be getting people together. Those of us who’ve been around for 15 years may be on this mailing list. I’m not sure if this is true for authors of newer implementations, who might benefit from this information most.

From: Peter Gutmann
Sent: Monday, March 27, 2017 00:21
To: denis bider (Bitvise); Mouse; ietf-ssh@NetBSD.org
Subject: Re: Fixing exchange of host keys in the SSH key exchange

denis bider (Bitvise) <ietf-ssh3@denisbider.com> writes:

>For the most recent example, an older version of a popular library used to
>have the "maximum channel packet size" concept completely borked up. For a
>channel opened by the remote party, this library would overwrite its own
>maximum packet size with the remote one. This caused at least two different
>kinds of session-ending problems to arise.

It seems like every implementer has stories like this, but no-one can really mention them in public because you don't want to embarrass a particular vendor... would there be any interest in having a private list of email addresses of people to exchange information like this with? That way we could compare notes on necessary fixes that otherwise would need to be rediscovered for each new implementation.

Peter.
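
The per-direction bookkeeping behind the bug quoted above, as an added example that is not part of the original message or of any library's code: under RFC 4254 section 5.1 each side's "maximum packet size" limits what may be sent to that side, so the two values must be stored separately. The struct, the function names and the 32768 value are assumptions, and the outcomes shown illustrate how such a mix-up can surface, not the specific failures the message refers to.

```c
#include <stdint.h>
#include <stdio.h>

/* Each side announces the largest data payload it is willing to RECEIVE
 * (RFC 4254 section 5.1), so a channel carries two independent limits. */
struct channel {
    uint32_t local_max_packet;   /* we advertised this: caps data we accept */
    uint32_t remote_max_packet;  /* peer advertised this: caps data we send */
};

enum { OUR_MAX_PACKET = 32768 };  /* assumed local policy value */

/* Correct handling of a peer's SSH_MSG_CHANNEL_OPEN. */
void open_from_peer(struct channel *c, uint32_t peer_max_packet) {
    c->local_max_packet = OUR_MAX_PACKET;    /* sent in OPEN_CONFIRMATION */
    c->remote_max_packet = peer_max_packet;
}

/* The defect as described: our own limit is replaced by the peer's, although
 * the OPEN_CONFIRMATION we sent still advertised OUR_MAX_PACKET. */
void open_from_peer_buggy(struct channel *c, uint32_t peer_max_packet) {
    c->remote_max_packet = peer_max_packet;
    c->local_max_packet = peer_max_packet;   /* overwrites the local value */
}

/* Inbound SSH_MSG_CHANNEL_DATA check: 1 = accept, 0 = treat as a violation. */
int accept_inbound(const struct channel *c, uint32_t data_len) {
    return data_len <= c->local_max_packet;
}

/* Largest payload we may put in one outbound SSH_MSG_CHANNEL_DATA. */
uint32_t outbound_chunk(const struct channel *c, uint32_t pending) {
    return pending < c->remote_max_packet ? pending : c->remote_max_packet;
}

int main(void) {
    struct channel good, bad;
    /* Constructed case: peer accepts at most 16384, then sends us 32768
     * bytes, which is legal because we advertised 32768. */
    open_from_peer(&good, 16384);
    open_from_peer_buggy(&bad, 16384);
    printf("correct accepts 32768: %d\n", accept_inbound(&good, 32768));
    printf("buggy accepts 32768:   %d\n", accept_inbound(&bad, 32768));
    /* Constructed case: peer advertises 1 MiB; the buggy side now accepts
     * inbound data far above the limit it announced. */
    open_from_peer_buggy(&bad, 1u << 20);
    printf("buggy accepts 1 MiB:   %d\n", accept_inbound(&bad, 1u << 20));
    return 0;
}
```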