Re: [Curdle] [SSH] GSS key exchange methods

Benjamin Kaduk <kaduk@MIT.EDU> Mon, 12 September 2016 16:59 UTC

Date: Sun, 11 Sep 2016 14:42:20 -0400 (EDT)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: "Basney, Jim" <jbasney@illinois.edu>
cc: Curdle <curdle@ietf.org>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>
Subject: Re: [Curdle] [SSH] GSS key exchange methods
In-Reply-To: <D3FABF1A.157F49%jbasney@illinois.edu>
Message-ID: <alpine.GSO.1.10.1609111440500.5272@multics.mit.edu>
References: <D3FABF1A.157F49%jbasney@illinois.edu>

On Sun, 11 Sep 2016, Basney, Jim wrote:

> On 9/10/16, 1:35 AM, denis bider (Bitvise) wrote:
> >Does anyone else second these suggestions?
>
> I do. Science projects like ligo.org and xsede.org rely on RFC 4462 SSH
> GSS-API Key Exchange using multiple GSS mechanisms including X.509 [1],
> SAML [2], and EAP [3]. We use patches [4] that add GSS-API Key Exchange
> support to OpenSSH, and we'd update the patches to support new GSS-API Key
> Exchange methods.

Do note that Simon is no longer actively maintaining those patchsets; I
believe the best place to send updates is a pull request to
https://github.com/gss-openssh/openssh-portable (which is itself a bit
under-loved), though I would be happy to hear that there is an alternate
home for such patches.

-Ben

> Regards,
> Jim
>
> [1] https://github.com/globus/gsi-openssh
> [2] https://github.com/fedushare/mech_saml_ec
> [3] https://wiki.moonshot.ja.net/display/Moonshot/Source+Access
> [4] http://www.sxw.org.uk/computing/patches/openssh