Re: Fixing exchange of host keys in the SSH key exchange

"S.P.Zeidler" <spz@serpens.de> Tue, 04 April 2017 05:18 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF53C124D37 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 3 Apr 2017 22:18:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aUdt4Ma6okOk for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 3 Apr 2017 22:18:50 -0700 (PDT)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E2B5124D68 for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Mon, 3 Apr 2017 22:18:50 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id DC5E9855AB; Tue, 4 Apr 2017 05:18:47 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: by mail.netbsd.org (Postfix, from userid 1347) id 972558558D; Tue, 4 Apr 2017 05:18:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B2793855C3 for <ietf-ssh@netbsd.org>; Mon, 3 Apr 2017 20:03:42 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id jiBPlkzqRxcV for <ietf-ssh@netbsd.org>; Mon, 3 Apr 2017 20:03:42 +0000 (UTC)
Received: from serpens.de (serpens.de [195.22.142.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id E219D84CDB for <ietf-ssh@netbsd.org>; Mon, 3 Apr 2017 20:03:40 +0000 (UTC)
Received: from serpens.de (spz@localhost [127.0.0.1]) by serpens.de (8.15.2/8.13.3) with ESMTPS id v33K325L028514 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 3 Apr 2017 22:03:21 +0200 (MEST)
Received: (from spz@localhost) by serpens.de (8.15.2/8.12.11) id v33K2sHZ001940; Mon, 3 Apr 2017 22:02:59 +0200 (MEST)
Date: Mon, 3 Apr 2017 22:02:51 +0200
From: "S.P.Zeidler" <spz@serpens.de>
To: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>
Cc: ietf-ssh@netbsd.org, djm@mindrot.org, Simon Tatham <anakin@pobox.com>
Subject: Re: Fixing exchange of host keys in the SSH key exchange
Message-ID: <20170403200250.GB21972@serpens.de>
References: <2216143EDEE342A3A5C9BB786F7FEF7A@Khan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2216143EDEE342A3A5C9BB786F7FEF7A@Khan>
X-message-flag: Please send plain text messages only. Thank you.
User-Agent: Mutt/1.8.0 (2017-02-23)
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Hi,

if I may stick an oar in sideways: if you go to all the trouble,
could you add a mechanism by which the server could advise that
the host key used by the client was still valid but deprecated,
and to download the new host key once connected?

Speaking as an admin of a bunch of servers whose users -do- ask
when the host key changes, I currently feel a need for a better
mechanism for updates to longer keys than "send mail".

regards,
	spz
-- 
spz@serpens.de (S.P.Zeidler)