Re: Fixing exchange of host keys in the SSH key exchange

"denis bider \(Bitvise\)" <ietf-ssh3@denisbider.com> Sat, 08 April 2017 16:48 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D32FC12943B for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sat, 8 Apr 2017 09:48:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.19
X-Spam-Level:
X-Spam-Status: No, score=-2.19 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=denisbider.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QHlpj8tkPSqg for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sat, 8 Apr 2017 09:48:06 -0700 (PDT)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2279128D3E for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Sat, 8 Apr 2017 09:48:06 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id D363F84DBF; Sat, 8 Apr 2017 16:48:05 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: by mail.netbsd.org (Postfix, from userid 1347) id 8013D84DCA; Sat, 8 Apr 2017 16:48:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id E1A1E84DBA for <ietf-ssh@NetBSD.org>; Sat, 8 Apr 2017 11:00:45 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (2048-bit key) header.d=denisbider.com
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id Bn1rXX8NqPX3 for <ietf-ssh@netbsd.org>; Sat, 8 Apr 2017 11:00:45 +0000 (UTC)
Received: from skroderider.denisbider.com (skroderider.denisbider.com [50.18.172.175]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 4413F84DB5 for <ietf-ssh@NetBSD.org>; Sat, 8 Apr 2017 11:00:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=denisbider.com; s=mail; h=from:subject:date:message-id:to:mime-version:content-type:in-reply-to: references; bh=RkpXSyBSwHhbHwVUwDCT7PqYdIHAyWcKA+o+eYSl/0c=; b=HyIBZuN8Bpq5Lo/dQFhXUiVvX4tjy3EQTYo4z33Mk1y10yMr1AcLQAe/HJF3xsGg2psLNxCaObiFL USUwq/o+rqFzPVG4W2jzeqUjYh1KGJIsqPxzNNBTi3l9k1aY9VhV9izCsfSjCF5BAnZl2pSNF2QXtV QsYVAjc0KeiP64OzpPv6Qp1COGctUl2hjQzKjGx+cFLTJkd06jwTNdwlSXwYZsDYd0AB11yanDaLIs J9W7M28VqT6iEuPtpl3x5Rg8ZkhmXaMrp2IvaJWTOnZagrMX0ppNwTy0GidueBIJ8EDhNUqR3DOkjW FfL5s3YebmN+i0alKhmTLb6qzig2wEg==
X-Footer: ZGVuaXNiaWRlci5jb20=
Received: from localhost ([127.0.0.1]) by skroderider.denisbider.com with ESMTPSA (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)); Sat, 8 Apr 2017 12:00:20 +0100
Message-ID: <8B467D57DE1D4B71AA6539977B6F5D0F@Khan>
From: "denis bider \(Bitvise\)" <ietf-ssh3@denisbider.com>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>, "Mouse" <mouse@Rodents-Montreal.ORG>, <ietf-ssh@NetBSD.org>
References: <2216143EDEE342A3A5C9BB786F7FEF7A@Khan> <20170403200250.GB21972@serpens.de><05DC33124D144EC0B39A5BF58C8E3A33@Khan>, <201704071529.LAA27568@Stone.Rodents-Montreal.ORG> <1491623291953.19014@cs.auckland.ac.nz>
In-Reply-To: <1491623291953.19014@cs.auckland.ac.nz>
Subject: Re: Fixing exchange of host keys in the SSH key exchange
Date: Sat, 8 Apr 2017 05:00:31 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0169_01D2B025.0C6F8780"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20ietf-ssh&body=unsubscribe%20ietf-ssh>

Yes – that is my understanding as well.


From: Peter Gutmann 
Sent: Friday, April 7, 2017 21:48
To: Mouse ; ietf-ssh@NetBSD.org 
Subject: Re: Fixing exchange of host keys in the SSH key exchange

Mouse <mouse@Rodents-Montreal.ORG> writes:

>They say, when describing hostkeys-00@openssh.com and hostkeys-
>prove-00@openssh.comcom, that "[i]t also supports graceful key rotation: a
>server may offer multiple keys of the same type for a period (to give clients
>an opportunity to learn them using this extension) before removing the
>deprecated key from those offered".
>
>I cannot see how this is even possible, at least not without a custom kex
>algorithm. With, for example, Diffie-Hellman as defined in 4253 section 8,
>the server presents only one host key to the client, and must choose which
>one to present before kex (and thus authentication) completes.  This then
>gives no room to "offer multiple keys of the same type".

I assumed the offered keys are via "hostkeys-00@openssh.com".com", not in the
keyex.  As the text says, it offers those for awhile, then when it seems all
clients have got a copy it switches the keyex from the old to the new key.

Peter.