RE: Feedback on draft-ssh-ext-info-00
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 05 December 2015 23:42 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Damien Miller <djm@mindrot.org>, denis bider <ietf-ssh3@denisbider.com>
CC: Markus Friedl <mfriedl@gmail.com>, "ietf-ssh@netbsd.org" <ietf-ssh@netbsd.org>
Subject: RE: Feedback on draft-ssh-ext-info-00
Date: Sat, 05 Dec 2015 23:42:30 +0000
Damien Miller <djm@mindrot.org> writes:

>I'll repeat my opinion: an extension mechanism is not the place to
>fundamentally retcon parts of the protocol.

Why not? I would have thought that's what it was there for. TLS has been using extensions to fix protocol problems for years without any real problems. Taking one case that I'm pretty familiar with, the encrypt-then-MAC extension, the impact was very minimal: you add an entry to an extension en/decoding table, and then have a boolean flag to swap the order of calls to encrypt and MAC routines. It was, I dunno, maybe a dozen lines of code and an hour's work to fix a problem that had been plaguing the protocol for at least fifteen years. It's a really easy way to fix issues in the protocol; I just wish SSH had had an extension mechanism of the kind that Denis is working on a long time ago.

Peter.
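The "boolean flag that swaps the order of encrypt and MAC" described in the message above, written out as an added example (editor's illustration, not code from Peter Gutmann, cryptlib, OpenSSH or any TLS implementation). The extension type value 22 is the encrypt_then_mac ExtensionType registered by RFC 7366; everything else is an assumption of the example: the cipher is a stand-in (HMAC-SHA256 in counter mode used as a keystream, where TLS would use a CBC block cipher), the 8-byte sequence number prefix and the record layout are simplified, and the sample record is constructed. The point it makes visible is why the order matters: under MAC-then-encrypt the receiver has to decrypt a forged record before it can reject it, which is what exposed the CBC padding-oracle attacks RFC 7366 was written to shut down; under encrypt-then-MAC the tag check happens first and a tampered record never reaches the decryption routine.

```python
"""Encrypt-then-MAC as a negotiated boolean flag (model of RFC 7366, not an implementation of it)."""
import hmac
import hashlib
import secrets

ENCRYPT_THEN_MAC = 22  # TLS ExtensionType value registered by RFC 7366
TAG_LEN = 32           # HMAC-SHA256 output


def negotiate_etm(client_extensions, server_extensions):
    """The extension is in effect only if both sides listed it in their hello messages."""
    return ENCRYPT_THEN_MAC in client_extensions and ENCRYPT_THEN_MAC in server_extensions


def _keystream(key, seq, length):
    """Stand-in cipher: HMAC-SHA256 in counter mode, keyed per record by the sequence number."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, seq.to_bytes(8, "big") + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class RecordLayer:
    def __init__(self, enc_key, mac_key, etm):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.etm = etm            # the single flag the extension flips
        self.decrypt_calls = 0    # instrumentation: how often the cipher was run on received data

    def _xor(self, seq, data):
        ks = _keystream(self.enc_key, seq, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def _decrypt(self, seq, data):
        self.decrypt_calls += 1
        return self._xor(seq, data)

    def _mac(self, seq, data):
        return hmac.new(self.mac_key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()

    def protect(self, seq, plaintext):
        if self.etm:
            ciphertext = self._xor(seq, plaintext)          # encrypt ...
            return ciphertext + self._mac(seq, ciphertext)  # ... then MAC the ciphertext
        tag = self._mac(seq, plaintext)                     # MAC the plaintext ...
        return self._xor(seq, plaintext + tag)              # ... then encrypt both

    def unprotect(self, seq, record):
        if self.etm:
            body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
            if not hmac.compare_digest(tag, self._mac(seq, body)):
                raise ValueError("bad_record_mac")          # rejected before any decryption
            return self._decrypt(seq, body)
        decrypted = self._decrypt(seq, record)              # must decrypt first to reach the tag
        body, tag = decrypted[:-TAG_LEN], decrypted[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._mac(seq, body)):
            raise ValueError("bad_record_mac")
        return body


def demo(etm):
    """Round-trip a constructed record, then flip one ciphertext bit.

    Returns (round_trip_ok, tampered_record_rejected, decrypt_calls_spent_on_tampered_record).
    """
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    sender = RecordLayer(enc_key, mac_key, etm)
    receiver = RecordLayer(enc_key, mac_key, etm)
    plaintext = b"GET / HTTP/1.1\r\n"   # constructed sample record
    record = sender.protect(1, plaintext)
    round_trip_ok = receiver.unprotect(1, record) == plaintext

    tampered = bytes([record[0] ^ 0x01]) + record[1:]
    receiver.decrypt_calls = 0
    try:
        receiver.unprotect(1, tampered)
        rejected = False
    except ValueError:
        rejected = True
    return round_trip_ok, rejected, receiver.decrypt_calls


if __name__ == "__main__":
    etm = negotiate_etm([ENCRYPT_THEN_MAC, 0], [ENCRYPT_THEN_MAC])
    print("encrypt_then_mac negotiated:", etm)
    print("EtM  (ok, rejected, decrypt calls on forgery):", demo(True))
    print("MtE  (ok, rejected, decrypt calls on forgery):", demo(False))
```

Both modes reject the forged record, so the difference is not whether integrity holds but where the failure is detected: the MtE path spends a decryption on attacker-controlled data before it can say no, and in real TLS that decryption step (CBC padding removal, timing of the MAC over a variable-length plaintext) is exactly what leaked to attackers. The whole behavioural change lives in the `if self.etm` branches, which is the "dozen lines" the message refers to.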