Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
"Mark D. Baushke" <mdb@juniper.net> Sun, 29 November 2015 17:58 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A877F1B2B70 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sun, 29 Nov 2015 09:58:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.485
X-Spam-Level:
X-Spam-Status: No, score=-2.485 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.585] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ayOVOFjiffTy for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sun, 29 Nov 2015 09:58:30 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:4f8:3:7::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE1691B2B6F for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Sun, 29 Nov 2015 09:58:29 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id 6DF2114A3A9; Sun, 29 Nov 2015 17:58:27 +0000 (UTC)
Delivered-To: ietf-ssh@NetBSD.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id A4D6B14A3A4 for <ietf-ssh@NetBSD.org>; Sun, 29 Nov 2015 17:58:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at NetBSD.org
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id sx0hc9pN3Xyt for <ietf-ssh@NetBSD.org>; Sun, 29 Nov 2015 17:58:22 +0000 (UTC)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0765.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:765]) by mail.netbsd.org (Postfix) with ESMTP id 7D7D214A3A1 for <ietf-ssh@NetBSD.org>; Sun, 29 Nov 2015 17:58:20 +0000 (UTC)
Received: from BY2PR05CA039.namprd05.prod.outlook.com (10.141.250.29) by BY2PR0501MB1670.namprd05.prod.outlook.com (10.163.154.148) with Microsoft SMTP Server (TLS) id 15.1.331.20; Sun, 29 Nov 2015 17:58:08 +0000
Received: from BL2FFO11FD029.protection.gbl (2a01:111:f400:7c09::134) by BY2PR05CA039.outlook.office365.com (2a01:111:e400:2c5f::29) with Microsoft SMTP Server (TLS) id 15.1.331.20 via Frontend Transport; Sun, 29 Nov 2015 17:58:08 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.241.18) smtp.mailfrom=juniper.net; lysator.liu.se; dkim=none (message not signed) header.d=none; lysator.liu.se; dmarc=none action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.241.18 as permitted sender)
Received: from p-emfe01b-sac.jnpr.net (66.129.241.18) by BL2FFO11FD029.mail.protection.outlook.com (10.173.160.69) with Microsoft SMTP Server (TLS) id 15.1.331.11 via Frontend Transport; Sun, 29 Nov 2015 17:58:07 +0000
Received: from magenta.juniper.net (172.17.27.123) by p-emfe01b-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Sun, 29 Nov 2015 08:57:17 -0800
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by magenta.juniper.net (8.11.3/8.11.3) with ESMTP id tATGvED38238; Sun, 29 Nov 2015 08:57:14 -0800 (PST) (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id 1CD2A11446; Sun, 29 Nov 2015 08:57:14 -0800 (PST)
To: Damien Miller <djm@mindrot.org>
CC: Simon Tatham <anakin@pobox.com>, Niels Möller <nisse@lysator.liu.se>, Simon Josefsson <simon@josefsson.org>, ietf-ssh@NetBSD.org
Subject: Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
In-Reply-To: <alpine.BSO.2.20.1511292242300.12629@natsu.mindrot.org>
References: <87egfdxebo.fsf@latte.josefsson.org> <87egfdxebo.fsf@latte.josefsson.org> <nny4dksr3i.fsf@armitage.lysator.liu.se> <1448554180-sup-7145@atreus.tartarus.org> <alpine.BSO.2.20.1511292242300.12629@natsu.mindrot.org>
Comments: In-reply-to: Damien Miller <djm@mindrot.org> message dated "Sun, 29 Nov 2015 22:48:48 +1100."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sun, 29 Nov 2015 08:57:14 -0800
Message-ID: <46776.1448816234@eng-mail01.juniper.net>
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD029; 1:uVZTG8lnKayHvfl6xwxzSr6zWAVDoJ+kTOg6fP2hvskON75cS1AsKQ6/rKkbsCu9Slv8SwCXSVIm0ldF6KGDgY5l+KzxVxK0P1GKLcKKUxr+UIxidJj+yRY6K7Ngr5c0bL5gUtaKDvGotXlgq0VLFhNnl4uWxgkI0tS7HgBdDrajYqI9lgU2isXJO+fqJAlpkZ7xRBkGHt4WzFAhgdrp5UeqxHbhNjkNZvTb3B/axLz6lZaHxx1SRl8RDq9AjdL/HlR2KSidshZlZ+cwPVGYVn/mVzH3R9a7IfWGALZBso+mLFiUTOZ7sKCCTfjLbMDA7esgoD1poYwbieYYVacJaBLqUalywe8vfpN5jtzQxXZjmsP5LfdFC52nE+xa7DM1ovvGkpFX+FnM1nFfHKjUQzFDO2omfraPVuYDGwFtq/2T3VYq/FwNnkQh+NkSojI5
X-Forefront-Antispam-Report: CIP:66.129.241.18; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(2980300002)(199003)(189002)(50466002)(105596002)(76176999)(106466001)(11100500001)(87936001)(189998001)(1096002)(5003600100002)(5003940100001)(586003)(50986999)(54356999)(47776003)(53416004)(86362001)(48376002)(1220700001)(76506005)(97736004)(81156007)(6806005)(77096005)(93886004)(92566002)(19580405001)(2950100001)(110136002)(69596002)(5001960100002)(117636001)(19580395003)(7059030)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR0501MB1670; H:p-emfe01b-sac.jnpr.net; FPR:; SPF:SoftFail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB1670; 2:ACusnadA2UnIHc7AhvHRQbK+e1wBcnAaUehXy7TkRG9hKbNMGeSrpqzO0TeT9kQi8pwJS3Me5d0Sz/AASqgCxclrTmFhm8RbrvaPyt5xz9zhP7o7uA4BRCwmWeo7UkJxZVytolPrKzEbB0uT+gAfYg==; 3:cm+RCJ1eaoiVjNzpyPcjkoQ4/gcK0C/wdBccdvw1eoF2DgBA+oTgLNQl7Uc47yKBTzzop2Kt1HIQ1w2UQ9/uZXl3KhSClKEfSEeKUj9XbFIvc5KQp7X9LofkfGg5gl1mvi7LoxKETe5o8J78WAKG5zQMRFvy4BdoswgvGwk+Uj4nBHXWoHrma9CXGyZF1k/Ask8Y7H60JGO+pRZNhaVQHZZYUpRSRyIJ8yQn7QERsI4=; 25:f91jpi1+hJWrRXwj/e4959/QhQmOUHLKU0yOOV61Pv3OZ4qJIyxJuy4gYXhebuKJvc+3rCzvGacAwMW92tx2ywynn6Bkn5h9RkaokrVm4BQDZ5i2fflMBrgC/3bN864gJYc5BsOheYE7AbynCeK4YPbS64tCAmw2i5Up9oxUy8WBh9mQ4tU4c4pm7qSB3yUhpDeiGvF5Ve7/QvsqHqNsro7LPVsGZoG+jDE0x9IsL2DtgcsegwL7uSVHTYmtHCUr
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR0501MB1670;
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB1670; 20:5dwol1/2+ohn4SbfYGYaOXcHv5VysSa2juQO0b00rYayAuFWzCCzvndocRay2zC/dV0jzl9LQ2QjeGAHnz7fdTpmWOFWWw1hFpuQCsAkeWn/RHEaXz3xu5c7vVITyW/vR2k7v3Eh25QeHKuzIfcZxh41clmbpug3hYQLBdtPHg6zqzO3DG4BG7QFqzLMldfcpjYodHlIy1pmSa+/WJV5OkOYuexp1bEUjOgypMRqgCYUtUgT4iRnSB3+qqFYZWvjSLy+vVdblkJA9JNrJ5jHuObdwCpB7bjC3dBZ4Z3uMPi180D6Q1RGm15Ie6+9x/set+DWrisMWNRIxVirzOrRDx3JlDNzlTszAi+k8GVWvkHOlWAHePhGvLzoQ4+5kAjgkbwkxyI5MhWGc2tBSqIGaQOsSNcMS5aut/pWKwo4rGMoTaMxF0JakJZ5xY09f57rlcf13YaCyxIzNgjaah8u6fpSaqLat5CvzjBmDEsP8ODIqoJp/O0DqFUgCBwBy2y8; 4:7AaOItTEAHgR/S3CnxbZ8GckPk0H2xC2KWyML4i/JNGX7syDkVCfD9U34l8muzRLQDzGTOAJwkHkdEa2tuKm5TMArdvGaEWqCUV+++bHAXkOVJsFROrxnQKrI6BZzjDY7zoxY8vi9wWGSqTUyf+Rq07ENfMRsO+zFVx/KKFBFg+E/9huea+QnTzCn5lfRXTfrpvqs69UpJL6AJ8puU4pB0iMJyX4UxHK9ZlOa7jAN5CeruxQhV+l4d8Tew27Q/EiwehcIpSaWIq1ollfE0y7AjVo5l0wcr86L8Xa59a/Fe+GqSejLoaITJS9t7RIFbfnKGWMVI4sc8KOg/ek6A6EX7UFhrfU5sK1SB8fyUivbp94tqqNU6EnCqadwS07gPfg
X-Microsoft-Antispam-PRVS: <BY2PR0501MB167050D3082FE02985A847A0BF010@BY2PR0501MB1670.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(10201501046)(3002001); SRVR:BY2PR0501MB1670; BCL:0; PCL:0; RULEID:; SRVR:BY2PR0501MB1670;
X-Forefront-PRVS: 0775716B9D
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB1670; 23:BcKDT8OIP5EmUO9yZT1xJxjm/m0jrcr+iW4/+RGQk3R60zhFzZnVUBLP6Qv+jSWRFmmijVup0y5ed4ONI1jUZnamej3w8WWirTU6x45CmoJXirn4kH4zMS9OZQy/ha5SRN0L66I3qJ7EDwHmDWNbsnNkHCUsZxNnryIsgMPlRRLaRE8DMDZb7uzb9ev+7BjV4CPR1l8M2p+oER2py7SA3/B+2c+L+k5cIfiIeDFT2LbxtGzK/K30WVQEU39dXD7b/MUfS0OlpggA55SacaKoA6adSgdwGeECjbtnwBoB8uaDo6kd2Pz+S72Zly69MWth2RHwVtaABGuZ90VhsEQ9SakgIALK2fUohLx7pa+KZSBqnnb2bvIc/Rc07/fjjGtV9fVgumsSEMzuJEc7FApFTsopPFiTokreDGuRVKu1C7iyOzr/nfZwitlZ9Ozo1ox0YqZNSgolCnQTT3Nj5IUF2k6Xnuz1NXy3oXtjA1IsbVjwZ1pkfSOJj4qqEIiGny0ILA3vkn8gpnRWSG5oEnllRbw91xbAAGysgSz3fY/82KDRAeLuHJvMofZWR7rPMykFFrqByClfSiIm0puA8IYxPbOF/YG97Z23Sh/xjvOeBgZ98Wj3FmTGtHFVC2poADroGG7uZ4tkgQJweumaPkotuCy4G7CeSGBiKPoFk5fjkstVsfRQE14B3jCwpaenUGgAf6ELb25/ACzNKWDLh28RkBU25odqDpRIV2/3Nq+HLnaS9yz6SiN/u+TI5cCS/LUU1dbzZ9N/lh2dWFWJrDAO8cR+90bJH88rMj62l+g4uOAsfrrx+oMCWFOPn2IPbaLaNwiEcSw4xlRKnL+q89N9/++HbTgpvujzAXBXW9I/lpIPPLOL9A8PgZM/K5r7LDMWQxYQkL9mGwWZ3xnpNQvTApOi/K1fgxRKxUd+lXDgNkAzkeGop+zWXCcnSTVm8PWBZhKsxGS36UqqkSnS+orLTQWsypSL0hcd+n5bF5BXnYPxb3U4zy7LKza7lCXaSriU
X-Microsoft-Exchange-Diagnostics: 1; BY2PR0501MB1670; 5:Uz3C27wYlNSBAa9dfT0n5M5EkPulrCT4aPnLS8HD3eo4YPvz667Pp/RgcJwgW1vbyaab0uMiMcocQGE8uM2Yr3J8dD478Ir0MKNO1zMXdkGOLsRD3j//9HWnZIHuM+gGQLb9x9Y4w+umQwVKTLfn1Q==; 24:kjKHJAY0f0+AUo+g5KanpEWUQnLCPc0l9EwXr7QT+u/nLcL1QoqpY+XXoUulNisTI1vJSGrpyO9piY0gKpUZtwo4WC9D2M4CDMfWJ426870=
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Nov 2015 17:58:07.2258 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.241.18]; Helo=[p-emfe01b-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR0501MB1670
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
Damien Miller <djm@mindrot.org> writes: > While we're dropping wishlist items for SSH v.3, here's one of mine: > > Key exchange negotiates an AEAD rather than a cipher and a MAC > separately, and does so from a greatly trimmed set of options. E.g. > AES-GCM, chacha20+poly1305 and an AES-CTR+HMAC mode. +1 This would be useful. -- Mark
- ChaCha20-Poly1305 for SSH Simon Josefsson
- Re: ChaCha20-Poly1305 for SSH Niels Möller
- Re: Binary packet protocol rethink Niels Möller
- Binary packet protocol rethink (was: Re: ChaCha20… Simon Tatham
- Re: Binary packet protocol rethink Simon Josefsson
- RE: Binary packet protocol rethink (was: Re: ChaC… Peter Gutmann
- RE: Binary packet protocol rethink (was: Re: ChaC… Damien Miller
- Re: ChaCha20-Poly1305 for SSH Damien Miller
- Re: Binary packet protocol rethink (was: Re: ChaC… Damien Miller
- Re: Binary packet protocol rethink (was: Re: ChaC… Mark D. Baushke
- Re: ChaCha20-Poly1305 for SSH Niels Möller
- RE: Binary packet protocol rethink (was: Re: ChaC… Peter Gutmann
- Re: Binary packet protocol rethink Niels Möller
- RE: Binary packet protocol rethink Peter Gutmann
- RE: Binary packet protocol rethink Simon Tatham
- Re: Binary packet protocol rethink (was: Re: ChaC… Simon Josefsson
- Re: Binary packet protocol rethink Niels Möller
- Re: Binary packet protocol rethink Niels Möller
- Re: Binary packet protocol rethink Niels Möller
- Re: Binary packet protocol rethink Bryan Ford
- Re: Binary packet protocol rethink Bryan Ford
- RE: Binary packet protocol rethink Peter Gutmann
- RE: Binary packet protocol rethink Peter Gutmann
- Re: Binary packet protocol rethink Niels Möller
- Re: Binary packet protocol rethink Niels Möller
- RE: Binary packet protocol rethink Peter Gutmann
- Re: Binary packet protocol rethink Bryan Ford
- Re: ChaCha20-Poly1305 for SSH Stefan Bühler
- Re: ChaCha20-Poly1305 for SSH Niels Möller
- Re: ChaCha20-Poly1305 for SSH Stefan Bühler
- Re: ChaCha20-Poly1305 for SSH Niels Möller
- Re: ChaCha20-Poly1305 for SSH Damien Miller
- Re: ChaCha20-Poly1305 for SSH Stefan Bühler
- Re: ChaCha20-Poly1305 for SSH Damien Miller