Re: Fixing exchange of host keys in the SSH key exchange
"S.P.Zeidler" <spz@serpens.de> Tue, 04 April 2017 05:18 UTC
Date: Mon, 03 Apr 2017 22:02:51 +0200
From: "S.P.Zeidler" <spz@serpens.de>
To: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>
Cc: ietf-ssh@netbsd.org, djm@mindrot.org, Simon Tatham <anakin@pobox.com>
Subject: Re: Fixing exchange of host keys in the SSH key exchange
Message-ID: <20170403200250.GB21972@serpens.de>

Hi,

if I may stick an oar in sideways:
if you go to all the trouble, could you add a mechanism by which the server could advise that the host key used by the client was still valid but deprecated, and to download the new host key once connected?

Speaking as an admin of a bunch of servers whose users -do- ask when the host key changes, I currently feel a need for a better mechanism for updates to longer keys than "send mail".

regards,
spz
--
spz@serpens.de (S.P.Zeidler)