IETF Logo Mail Archive

Re: Fixing exchange of host keys in the SSH key exchange

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 26 March 2017 08:53 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A24AF124B0A for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sun, 26 Mar 2017 01:53:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b6MRJq14LELH for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Sun, 26 Mar 2017 01:53:25 -0700 (PDT)
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4D4E12420B for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Sun, 26 Mar 2017 01:53:25 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id 81CF1855B0; Sun, 26 Mar 2017 08:53:24 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 58D46855A1 for <ietf-ssh@netbsd.org>; Sun, 26 Mar 2017 08:53:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id HcLT3LqfSXJY for <ietf-ssh@netbsd.org>; Sun, 26 Mar 2017 08:53:21 +0000 (UTC)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 47BD184CDD for <ietf-ssh@netbsd.org>; Sun, 26 Mar 2017 08:53:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1490518401; x=1522054401; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=mdb0BejDVks1bB3c2GA6N97JiPexb56ixio/Y33Gkos=; b=mg1QGmyMt5mb1ToDLMIXCNxL/7ighegMHLErDODUGfVcjgjh4nFd+B0C XskltTSkBsSqDE0P+odSWGS1aWHytj6t53FsiioveNYBJ0cAK6h6fTG3Y /IteTdoux+vmvFXJ3Pi4b5CTjC+uuEnMzbno47NBOriMBM3/OFdjEgQLJ 9vM21E+xP8t1gXH/rTJGbHz3riMDetK3mvXjd3c1mX0iizzT5UVf0aaPM qdfUfTNdqBr0aaSzKkN9/8cTfce+2l9C6GbUu4pzxzQr8FyNQ0eNeKNKJ Gxg0KantQwWOuH/J8Fmg/WY1hqdTEwV64DySKG15TgqH/0WdoXm5p/4yJ Q==;
X-IronPort-AV: E=Sophos;i="5.36,225,1486378800"; d="scan'208";a="145554127"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.2 - Outgoing - Outgoing
Received: from uxcn13-ogg-a.uoa.auckland.ac.nz ([10.6.2.2]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 26 Mar 2017 21:53:18 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-a.UoA.auckland.ac.nz (10.6.2.2) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Sun, 26 Mar 2017 21:53:18 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Sun, 26 Mar 2017 21:53:18 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Mouse <mouse@Rodents-Montreal.ORG>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>
Subject: Re: Fixing exchange of host keys in the SSH key exchange
Thread-Topic: Fixing exchange of host keys in the SSH key exchange
Thread-Index: AQHSo6JCh/pnJs1+UUq8ewlt+ue/5qGjlx6QgAEOD4CAAi+kRQ==
Date: Sun, 26 Mar 2017 08:53:18 +0000
Message-ID: <1490518384910.80699@cs.auckland.ac.nz>
References: <2216143EDEE342A3A5C9BB786F7FEF7A@Khan> <1490340148872.12344@cs.auckland.ac.nz>, <201703251227.IAA20189@Stone.Rodents-Montreal.ORG>
In-Reply-To: <201703251227.IAA20189@Stone.Rodents-Montreal.ORG>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

Mouse <mouse@Rodents-Montreal.ORG> writes:

>As far as I can see, this affects the user only in that "pick up the host key
>on first connect" no longer works.

It breaks TOFU.  Since this is how the vast majority of all users use SSH
(ref: https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf),
it means it would break SSH for them.  Conversely, it means the vast majority
won't use it.

>Then this suggestion has the additional feature that it will smoke out such
>bugs!

Trying to smoke out non-standards-compliant implementations at this point,
about twenty-odd after SSH2 started getting deployed, is probably a bit late
in the game.

Also, does this mean any implemenation that doesn't correctly implement a MUST
or MUST NOT can regarded as broken and discarded?

Peter.

v2.23.0 | Report a Bug | By Email