Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
Damien Miller <djm@mindrot.org> Tue, 10 November 2015 08:18 UTC
Date: Tue, 10 Nov 2015 19:18:11 +1100
From: Damien Miller <djm@mindrot.org>
To: denis bider <ietf-ssh3@denisbider.com>
cc: ietf-ssh@netbsd.org, Jeffrey Hutzelman <jhutz@cmu.edu>, Niels Möller <nisse@lysator.liu.se>, "Mark D. Baushke" <mdb@juniper.net>, stephen.farrell@cs.tcd.ie, jon@siliconcircus.com, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Max Horn <postbox@quendi.de>
Subject: Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
In-Reply-To: <2070897157-568@skroderider.denisbider.com>
Message-ID: <alpine.BSO.2.20.1511101833130.8324@natsu.mindrot.org>
References: <2070897157-568@skroderider.denisbider.com>

On Sun, 8 Nov 2015, denis bider wrote:

> (1) I have uploaded a new version of the RSA SHA-2 draft:
>
> https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-02

Some feedback on the draft:

> 1. Overview and Rationale

The DSA bits in here don't seem very relevant. Could I suggest ditching
them or putting them in an appendix?

> All aspects of the "ssh-rsa" format are kept, including the encoded
> string "ssh-rsa", in order to allow users' existing RSA keys to be
> used with the new signature formats, without requiring re-encoding,
> or affecting already trusted key fingerprints.

I can see the argument for keeping "ssh-rsa" as the key name and another
name for the revised signature format. I'm not entirely sure about it,
I guess because I'm used to there being an identity between key types
and signature types in the SSH protocol.

> 3. Discovery of signature algorithms supported by servers
>
> When a public key format can use multiple signature algorithms, it can
> be useful for a mechanism to exist which a client can use to discover
> signature algorithms accepted by a server for user authentication
> without resorting to trial and error in authentication requests.
>
> Such a mechanism is defined in [SSH-EXT-INFO], which describes general
> purpose extension negotiation for SSH, and specifies discovery of
> signature algorithms as a usage case.

IMO a "publickey2" (or somesuch) method that included a custom failure
message to list the supported key types seems like a better way to offer
this.

> Public Key Algorithm Name    Reference          Note
> rsa-sha2-256                 [this document]    Section 2
> rsa-sha2-512                 [this document]    Section 2

As mentioned in my other email, I don't feel super-strongly about naming,
but "rsa-pss-sha2-*" seems slightly more descriptive and future-proof.

Is it worthwhile to specify a minimum key size for the new signature
schemes?

-d
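
The split between key name and signature name discussed in the message above, as an added example that is not part of the original message or of the draft: the key blob keeps the name "ssh-rsa" (so its fingerprint is unchanged) while the signature blob carries "rsa-sha2-256". The signature layout is assumed to follow the RFC 4253 "ssh-rsa" signature format with only the name changed; `MIN_RSA_BITS`, the helper names and the sample blobs are hypothetical, and no signature is cryptographically verified.

```python
import base64, hashlib, struct

MIN_RSA_BITS = 2048  # assumption: a local policy value, not taken from the draft
NEW_SIG_ALGS = ("rsa-sha2-256", "rsa-sha2-512")  # names from the draft's table

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n):
    # RFC 4251 mpint: big-endian, with a leading 0x00 when the top bit is set
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def read_fields(blob):
    """Split a wire blob into its length-prefixed fields, rejecting truncation."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[off:off + n])
        off += n
    return out

def parse_key(key_blob):
    name, _e, n = read_fields(key_blob)  # string name, mpint e, mpint n
    return name.decode(), int.from_bytes(n, "big").bit_length()

def fingerprint(key_blob):
    # Depends only on the key blob, so a new signature name cannot change it.
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_framing(key_blob, sig_blob):
    """Policy check on names and modulus size only; not signature verification."""
    key_name, bits = parse_key(key_blob)
    sig_name = read_fields(sig_blob)[0].decode()
    if key_name != "ssh-rsa":
        return "reject: key type " + key_name
    if sig_name not in NEW_SIG_ALGS:
        return "reject: signature algorithm " + sig_name
    if bits < MIN_RSA_BITS:
        return "reject: %d-bit modulus" % bits
    return "accept framing"

# Constructed sample blobs: placeholder moduli and all-zero signature bytes.
KEY = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 2047) | 1)
WEAK = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << 1023) | 1)
SIG_OLD = ssh_string(b"ssh-rsa") + ssh_string(bytes(256))
SIG_NEW = ssh_string(b"rsa-sha2-256") + ssh_string(bytes(256))
```
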