Re: Fixing exchange of host keys in the SSH key exchange
"denis bider \(Bitvise\)" <ietf-ssh3@denisbider.com> Tue, 28 March 2017 05:49 UTC
From: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Mouse <mouse@Rodents-Montreal.ORG>, ietf-ssh@NetBSD.org, Max Horn <postbox@quendi.de>
Date: Mon, 27 Mar 2017 18:22:28 -0600
This is currently the most comprehensive list of SSH implementations I’m familiar with:

http://ssh-comparison.quendi.de/

It’s done by Max Horn, who participated on this list as recently as in September, so he might be reading.

Come to think of it – Max’s SSH comparison might be an excellent way to figure out how many servers will reject text from the client before the SSH version string.

I understand that this might be quite a bit of work. However, Bitvise would be willing to sponsor such an effort.

Max? Are you there? :-)

From: Peter Gutmann
Sent: Monday, March 27, 2017 17:57
To: denis bider (Bitvise) ; Mouse ; ietf-ssh@NetBSD.org
Subject: Re: Fixing exchange of host keys in the SSH key exchange

denis bider (Bitvise) <ietf-ssh3@denisbider.com> writes:

>The obstacle seems to be getting people together. Those of us who’ve been
>around for 15 years may be on this mailing list. I’m not sure if this is true
>for authors of newer implementations, who might benefit from this information
>most.

We can't solve every possible problem with incompatibilities, but we can at least get good coverage of a lot of them. I think there are quite a few oddball SSH implementations whose developers have never been on this list and who we can't get to, but it can at least help those on the list.

Just thinking about this a bit more, we'd maybe need two things, a means of discussing quirks of other implementations, and an (informal) registry of SSH ID strings and who to contact if you find a problem with that ID, because that's been another problem, "I've found a bug with X, who do I report it to?". Going through standard tech-support channels often doesn't work because you're not a customer and there's no obvious way to get past the front-end people to talk to a developer.

Peter.