Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation

denis bider <ietf-ssh3@denisbider.com> Sun, 08 November 2015 15:36 UTC

Date: Sun, 08 Nov 2015 02:14:47 +0000
Subject: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
Message-ID: <2070897157-568@skroderider.denisbider.com>
From: denis bider <ietf-ssh3@denisbider.com>
To: ietf-ssh@netbsd.org
Cc: Jeffrey Hutzelman <jhutz@cmu.edu>, Niels Möller <nisse@lysator.liu.se>, "Mark D. Baushke" <mdb@juniper.net>, stephen.farrell@cs.tcd.ie, jon@siliconcircus.com, djm@mindrot.org, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Max Horn <postbox@quendi.de>

(1) I have uploaded a new version of the RSA SHA-2 draft:

https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-02

Changes:

- Based on feedback from Peter, now again includes rsa-sha2-256 as RECOMMENDED.
- rsa-sha2-512 is now OPTIONAL.
- The signature algorithm discovery method described in -01 is removed. Instead:
(2) I have written a new draft for a general SSH Extension Negotiation mechanism:

https://tools.ietf.org/html/draft-ssh-ext-info-00

Summary:

* Special indicator names are included in KEXINIT to indicate support for this mechanism.

I have looked at alternatives, but:
- libssh handles the KEXINIT reserved field incorrectly (ignores actual value, so key exchange fails if it's not zero)
- I'm hesitant to increase the protocol version number for a change that does not affect security, and does not touch KEXINIT, or affect key exchange
- Fields cannot be added to existing packets without negotiation, due to reasons discussed previously (implementations take a restrictive view of packet formats)

* If both parties indicate support for extension negotiation, the SERVICE_REQUEST and SERVICE_ACCEPT messages are replaced with a new message, SSH_MSG_EXT_INFO.

This is more useful than SERVICE_REQUEST, and saves at least half a round-trip because the server sends EXT_INFO immediately, and does not wait for client.

* The EXT_INFO message contains a list of name-value pairs, each identifying an extension and optional parameters.

* Three extensions are defined upfront:

server-sig-algs: Allows efficient discovery of signature algorithms supported by the server. For public key authentication, the client only needs to wait for the EXT_INFO message sent by the server. This should arrive half a round-trip sooner than SERVICE_ACCEPT. The client can then immediately send a public key authentication request with an appropriate signature method.

client-req-ok: Allows clients to affirm that the server can send a global request (especially an unrecognized global request) without risking the client disconnecting. This should be supported by all clients. It is necessary so that servers can enable active keep-alive, which is not otherwise possible generally because some clients do disconnect when they receive a global request.

no-handbrake: Peter ought to like this. :) A few years late, but this makes window size infinite for both directions in a channel, at the cost of restricting the session to one simultaneous channel. This should help file transfer applications for which the channel flow control in SSH is an impediment, rather than a feature.

If you guys like this, then - if anyone else has an extension they would like to add, now might be the time to define them!

denis
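As an added example (not part of the message above or of either draft it links), the Python below encodes and parses an EXT_INFO message using the name-value layout that RFC 8308 later fixed (uint32 count followed by string/string pairs; message number 7), checks that both KEXINITs carry the indicator names (ext-info-c / ext-info-s, assumed from RFC 8308 since the message does not name them), and lets a client pick a signature algorithm from a server-sig-algs value before sending its public key authentication request.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number from RFC 8308; assumed here to match the -00 draft

def ssh_string(data: bytes) -> bytes:
    """SSH 'string' type: uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def build_ext_info(extensions: dict) -> bytes:
    """Encode EXT_INFO: byte type, uint32 nr-extensions, then (string name, string value) pairs."""
    out = bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", len(extensions))
    for name, value in extensions.items():
        out += ssh_string(name.encode("ascii")) + ssh_string(value.encode("ascii"))
    return out

def parse_ext_info(msg: bytes) -> dict:
    """Decode EXT_INFO into a dict, rejecting truncated fields and trailing bytes."""
    if len(msg) < 5 or msg[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not a well-formed EXT_INFO message")
    (count,) = struct.unpack(">I", msg[1:5])
    pos, exts = 5, {}

    def read_string() -> bytes:
        nonlocal pos
        if pos + 4 > len(msg):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", msg[pos:pos + 4])
        pos += 4
        if pos + n > len(msg):  # an attacker-controlled length must not read past the packet
            raise ValueError("string runs past end of message")
        pos += n
        return msg[pos - n:pos]

    for _ in range(count):
        name = read_string().decode("ascii")
        exts[name] = read_string().decode("ascii")
    if pos != len(msg):
        raise ValueError("trailing data after extensions")
    return exts

def ext_info_negotiated(client_kex_algs: list, server_kex_algs: list) -> bool:
    """Both KEXINITs must carry the indicator name (ext-info-c / ext-info-s per RFC 8308; assumed)."""
    return "ext-info-c" in client_kex_algs and "ext-info-s" in server_kex_algs

def choose_sig_alg(client_prefs: list, server_sig_algs: str):
    """Pick the client's most-preferred algorithm that the server's server-sig-algs value lists."""
    offered = set(server_sig_algs.split(","))
    return next((alg for alg in client_prefs if alg in offered), None)
```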