Re: Feedback on draft-ssh-ext-info-00
nisse@lysator.liu.se (Niels Möller ) Fri, 11 December 2015 08:39 UTC
Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 087221ACDCE for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Fri, 11 Dec 2015 00:39:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.61
X-Spam-Level:
X-Spam-Status: No, score=-1.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCd93GvVwMtZ for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Fri, 11 Dec 2015 00:39:48 -0800 (PST)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 498BC1ACDCB for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Fri, 11 Dec 2015 00:39:46 -0800 (PST)
Received: by mail.netbsd.org (Postfix, from userid 605) id 3E3EF85F07; Fri, 11 Dec 2015 08:39:30 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B481085EFC for <ietf-ssh@netbsd.org>; Fri, 11 Dec 2015 08:39:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id C9ylgZwtzygv for <ietf-ssh@netbsd.org>; Fri, 11 Dec 2015 08:39:27 +0000 (UTC)
Received: from mail.lysator.liu.se (mail.lysator.liu.se [IPv6:2001:6b0:17:f0a0::3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id C80C785E6C for <ietf-ssh@netbsd.org>; Fri, 11 Dec 2015 08:39:25 +0000 (UTC)
Received: from mail.lysator.liu.se (localhost [127.0.0.1]) by mail.lysator.liu.se (Postfix) with ESMTP id E133040012; Fri, 11 Dec 2015 09:39:22 +0100 (CET)
Received: from armitage.lysator.liu.se (armitage.lysator.liu.se [IPv6:2001:6b0:17:f0a0::83]) by mail.lysator.liu.se (Postfix) with SMTP id BF7394000F; Fri, 11 Dec 2015 09:39:21 +0100 (CET)
Received: by armitage.lysator.liu.se (sSMTP sendmail emulation); Fri, 11 Dec 2015 09:39:21 +0100
From: nisse@lysator.liu.se
To: denis bider <ietf-ssh3@denisbider.com>
Cc: Damien Miller <djm@mindrot.org>, Markus Friedl <mfriedl@gmail.com>, ietf-ssh@netbsd.org
Subject: Re: Feedback on draft-ssh-ext-info-00
References: <1656686251-2152@skroderider.denisbider.com>
Date: Fri, 11 Dec 2015 09:39:21 +0100
In-Reply-To: <1656686251-2152@skroderider.denisbider.com> (denis bider's message of "Thu, 3 Dec 2015 07:26:53 +0000")
Message-ID: <nnh9jpl6py.fsf@armitage.lysator.liu.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list
denis bider <ietf-ssh3@denisbider.com> writes: > Okay, I'll modify the draft to this effect. This may take me a bit, I currently have a few urgent things to attend to. > > I would appreciate your thoughts on the question of EXT_INFO windows for client and server. > > Do you find it acceptable if the proposal requires both client and server to send their first EXT_INFO immediately after NEWKEYS? I think that's a reasonable place to send it. I view EXT_INFO as a part of the transport layer, and then the spec ought to not depend on messages belonging to the ssh-userauth or the ssh-connection service. But maybe I'm missing the issue... As a client, you want to know what extensions are supported *before* you send the SERVICE_REQUEST message? But it it's optional, you can't know if the server is not sending any EXT_INFO, or if it's going to send it but you haven't received it yet. Is that right? Since the protocol is specified as running over a byte stream, we ought not to reason in terms of the EXT_INFO arriving in the same packet as the NEWKEYS, even if that probably would work in practice. To remove the ambiguity, negotiation has to be a bit more complex. We'd need four more magic symbols, ext_info_{send,recv}_{c,s} and specify that the server MUST send EXT_INFO if and only if the client advertised ext_info_recv_c and the server advertised ext_info_send_s. Then the client knows unabiguously if there will be an EXT_INFO following the NEWKEYS. And similarly for the other direction. Is there any simpler way to do it? Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26. Internet email is subject to wholesale government surveillance.
- Feedback on draft-ssh-ext-info-00 Damien Miller
- Re: Feedback on draft-ssh-ext-info-00 Markus Friedl
- RE: Feedback on draft-ssh-ext-info-00 Peter Gutmann
- RE: Feedback on draft-ssh-ext-info-00 Damien Miller
- Re: Feedback on draft-ssh-ext-info-00 Damien Miller
- Re: Feedback on draft-ssh-ext-info-00 Damien Miller
- Re: Feedback on draft-ssh-ext-info-00 Damien Miller
- Re: Feedback on draft-ssh-ext-info-00 Damien Miller
- Re: Feedback on draft-ssh-ext-info-00 Niels Möller
- Re: Feedback on draft-ssh-ext-info-00 Niels Möller
- Re: Feedback on draft-ssh-ext-info-00 Markus Friedl
- Re: Feedback on draft-ssh-ext-info-00 Niels Möller
- Re: Feedback on draft-ssh-ext-info-00 Niels Möller
- RE: Feedback on draft-ssh-ext-info-00 Peter Gutmann
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 Markus Friedl
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 Markus Friedl
- Re: Feedback on draft-ssh-ext-info-00 Markus Friedl
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Updated EXT_INFO draft - draft-ssh-ext-info-02 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Feedback on draft-ssh-ext-info-00 Damien Miller
- RE: Feedback on draft-ssh-ext-info-00 Peter Gutmann
- Re: Feedback on draft-ssh-ext-info-00 Niels Möller
- Re: Feedback on draft-ssh-ext-info-00 Matt Johnston
- Re: Feedback on draft-ssh-ext-info-00 Niels Möller
- Re: Feedback on draft-ssh-ext-info-00 denis bider
- Re: Updated EXT_INFO draft - draft-ssh-ext-info-02 Niels Möller
- Re: Feedback on draft-ssh-ext-info-00 Niels Möller