Re: drasft-green--secsh-ecc-08 support for certificates
Jeffrey Hutzelman <jhutz@cmu.edu> Fri, 19 June 2009 21:29 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 288FB3A6C2A for <ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com>; Fri, 19 Jun 2009 14:29:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.313
X-Spam-Level:
X-Spam-Status: No, score=-5.313 tagged_above=-999 required=5 tests=[AWL=1.286, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pTQ2bv2CblIG for <ietfarch-secsh-tyoxbijeg7-archive@core3.amsl.com>; Fri, 19 Jun 2009 14:29:08 -0700 (PDT)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe52:9ab6]) by core3.amsl.com (Postfix) with ESMTP id 8AE073A6C43 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Fri, 19 Jun 2009 14:29:00 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 0) id 1B77263B1DC; Fri, 19 Jun 2009 21:29:07 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from jackfruit.srv.cs.cmu.edu (JACKFRUIT.SRV.CS.CMU.EDU [128.2.201.16]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "smtp.srv.cs.cmu.edu", Issuer "CS CA Web 2" (not verified)) by mail.netbsd.org (Postfix) with ESMTPS id 1BD9163B1EF for <ietf-ssh@NetBSD.org>; Fri, 19 Jun 2009 21:29:03 +0000 (UTC)
Received: from [192.168.1.109] (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by jackfruit.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id n5JLT0Id003030 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 19 Jun 2009 17:29:01 -0400 (EDT)
Date: Fri, 19 Jun 2009 17:28:58 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Douglas Stebila <douglas@stebila.ca>, "Igoe, Kevin M." <kmigoe@nsa.gov>
cc: ietf-ssh@NetBSD.org, jhutz@cmu.edu
Subject: Re: drasft-green--secsh-ecc-08 support for certificates
Message-ID: <C2A5EDCCA2C4EBD4B14195DF@atlantis.pc.cs.cmu.edu>
In-Reply-To: <BF0E1227-4F05-44EA-9CFA-89E4799A3996@stebila.ca>
References: <80F9AC969A517A4DA0DE3E7CF74CC1BB03495B@MSIS-GH1-UEA06.corp.nsa.gov> <BF0E1227-4F05-44EA-9CFA-89E4799A3996@stebila.ca>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Scanned-By: mimedefang-cmuscs on 128.2.201.16
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh
Precedence: list
--On Friday, June 19, 2009 09:12:56 AM +1000 Douglas Stebila <douglas@stebila.ca> wrote: >> > Public key algorithms are defined in the transport layer >> > specification [SSH-TRANS]. The 'public key blob' may contain >> > certificates. >> I've been assuming that the K_S string can, like the "public key >> Blob" string, contain a certificate. Do you concur with that >> interpretaiion? I'm concerned you might be misinterpreting the language in the transport and userauth documents. When the userauth document says "The 'public key block' may contain certificates", it doesn't mean that it is permissible to send a certificate instead of a public key. What it means is that for some SSH public key algorithms, the specified public key format may include or permit use of a certificate. Implementations of key-exchange methods and public-key userauth must send public keys in the format specified for the SSH public key algorithm in use; anything else is not in compliance with the protocol and will not interoperate. In particular, if you "require the use of certificates...", then at least for the existing ssh-rsa and ssh-dsa public key algorithms, and for the ECDSA algorithm specified in the present draft, you are requiring noncompliance with the protocol specification. Now, this could be worked around by defining new public key algorithms whose public key format allows the use of certificates. Some work was done on this before the working group concluded, but it never went very far due to lack of sufficient interest to get it done. Note that even if such new algorithms were to be defined, either by the IETF or by another party, they would likely not be as widely deployed as the current algorithms. Perhaps more importantly, requiring the use of certificates means requiring a mode of operation that is inconsistent with the way people deploy and use SSH in real life. Much use of SSH depends on the "leap of faith" model to avoid the need for pre-established PKI, and a standard which prohibited that mode of operation would make SSH considerably less useful for anyone required to comply. I suggest considering these issues very carefully before introducing such a requirement. -- Jeff
- Re: drasft-green--secsh-ecc-08 support for certif… Jeffrey Hutzelman
- Re: drasft-green--secsh-ecc-08 support for certif… Douglas Stebila
- RE: drasft-green--secsh-ecc-08 support for certif… Igoe, Kevin M.
- Re: drasft-green--secsh-ecc-08 support for certif… Nicolas Williams
- Re: drasft-green--secsh-ecc-08 support for certif… Jeffrey Hutzelman
- Re: drasft-green--secsh-ecc-08 support for certif… Nicolas Williams
- Re: drasft-green--secsh-ecc-08 support for certif… Nicolas Williams
- Re: drasft-green--secsh-ecc-08 support for certif… Nicolas Williams
- Re: drasft-green--secsh-ecc-08 support for certif… Douglas Stebila
- RE: drasft-green--secsh-ecc-08 support for certif… Igoe, Kevin M.