IETF Logo Mail Archive

Re: Fixing exchange of host keys in the SSH key exchange

"denis bider \(Bitvise\)" <ietf-ssh3@denisbider.com> Tue, 28 March 2017 05:38 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72BAB1293E1 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 27 Mar 2017 22:38:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=denisbider.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fT5MH073jyeF for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 27 Mar 2017 22:37:58 -0700 (PDT)
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3366B128D44 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Mon, 27 Mar 2017 22:37:54 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id 5C4DD855DA; Tue, 28 Mar 2017 05:37:43 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: by mail.netbsd.org (Postfix, from userid 1347) id 07FE48561F; Tue, 28 Mar 2017 05:37:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id D16348556B for <ietf-ssh@NetBSD.org>; Mon, 27 Mar 2017 21:18:08 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (2048-bit key) header.d=denisbider.com
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id EhT0UnPRFwLK for <ietf-ssh@netbsd.org>; Mon, 27 Mar 2017 21:18:08 +0000 (UTC)
Received: from skroderider.denisbider.com (skroderider.denisbider.com [50.18.172.175]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 358BA84CED for <ietf-ssh@NetBSD.org>; Mon, 27 Mar 2017 21:18:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=denisbider.com; s=mail; h=from:subject:date:message-id:to:mime-version:content-type:in-reply-to: references; bh=6Lyj/Vnt2hn+rhMWDNERNQ9h5jq1tU2kqpB99QxJMi0=; b=l4rOnAI1k5/Z1ZDwqnNx2qAj0216Ahz1/MF4cViRZDzhe6ASSd2Jx4KH37IrssPe2CUwxetwUea7B EOic7Wz6erxBmbGl3n88lEfOfVoeFfgZZirnIfcAbdjb/quH8k9msJMyb3imvpYxGyp75qMEEin93V OHdQ4ozLO9HAJ52v8ljDc54KFlT/KJI07SCx3BfX/BufOupviro2F12LOvkH6g7j0l5wSYgNhoNYHm 32dYDIfsayDL2OnrIxfWgaWSYVATCHjo8931X28d+cTGx2VWvhdDaw4Wzjkh9ndat4YUU0BI3fSS4O /6rqKHobAZyyxhKRUOGPerbc1G575xg==
X-Footer: ZGVuaXNiaWRlci5jb20=
Received: from localhost ([127.0.0.1]) by skroderider.denisbider.com with ESMTPSA (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)); Mon, 27 Mar 2017 22:17:55 +0100
Message-ID: <BE0AC8D434BC4010842179F29664E7A7@Khan>
From: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Mouse <mouse@Rodents-Montreal.ORG>, ietf-ssh@NetBSD.org
References: <2216143EDEE342A3A5C9BB786F7FEF7A@Khan> <201703231224.IAA22091@Stone.Rodents-Montreal.ORG><589D55C2CF5942E9910482788CBDB445@Khan> <201703260243.WAA05983@Stone.Rodents-Montreal.ORG>, <B27F1BAE8F974449B6EE8B7DF50ED3A9@Khan> <1490595711031.1686@cs.auckland.ac.nz>
In-Reply-To: <1490595711031.1686@cs.auckland.ac.nz>
Subject: Re: Fixing exchange of host keys in the SSH key exchange
Date: Mon, 27 Mar 2017 15:18:10 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0293_01D2A70D.584954E0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

That sounds like a good idea. I would be interested to follow and participate.

The obstacle seems to be getting people together. Those of us who’ve been around for 15 years may be on this mailing list. I’m not sure if this is true for authors of newer implementations, who might benefit from this information most.


From: Peter Gutmann 
Sent: Monday, March 27, 2017 00:21
To: denis bider (Bitvise) ; Mouse ; ietf-ssh@NetBSD.org 
Subject: Re: Fixing exchange of host keys in the SSH key exchange

denis bider (Bitvise) <ietf-ssh3@denisbider.com> writes:

>For the most recent example, an older version of a popular library used to
>have the "maximum channel packet size" concept completely borked up. For a
>channel opened by the remote party, this library would overwrite its own
>maximum packet size with the remote one. This caused at least two different
>kinds of session-ending problems to arise.

It seems like every implementer has stories like this, but no-one can really
mention them in public because you don't want to embarrass a particular
vendor... would there be any interest in having a private list of email
addresses of people to exchange information like this with?  That way we could
compare notes on necessary fixes that otherwise would need to be rediscovered
for each new implementation.

Peter.

v2.23.0 | Report a Bug | By Email