IETF Logo Mail Archive

Re: Fixing exchange of host keys in the SSH key exchange

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 27 March 2017 23:57 UTC

Return-Path: <bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org>
X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D6C61296CC for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 27 Mar 2017 16:57:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wa9XAQxj7tO9 for <ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com>; Mon, 27 Mar 2017 16:57:52 -0700 (PDT)
Received: from mail.netbsd.org (mail.NetBSD.org [IPv6:2001:470:a085:999::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88CC71296CB for <secsh-tyoxbijeg7-archive@lists.ietf.org>; Mon, 27 Mar 2017 16:57:50 -0700 (PDT)
Received: by mail.netbsd.org (Postfix, from userid 605) id D16BC8559C; Mon, 27 Mar 2017 23:57:42 +0000 (UTC)
Delivered-To: ietf-ssh@netbsd.org
Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 8142585598 for <ietf-ssh@netbsd.org>; Mon, 27 Mar 2017 23:57:40 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id vdYvuH7zf0wB for <ietf-ssh@netbsd.org>; Mon, 27 Mar 2017 23:57:39 +0000 (UTC)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id C248584CED for <ietf-ssh@netbsd.org>; Mon, 27 Mar 2017 23:57:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1490659058; x=1522195058; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=NYwIAjI8Bqwxy5A6EJcGhNJyEhGVIZmrZQSofQCGLGA=; b=HkkllN4lXJAKJF6nyoJsVLJENMWsQge1o3p1ffBor5I1QQo1RZTqQ5EB 0qjSPASJkcalZMY1Y+avD1aBEE0PXcMt4gdn3r0KefCW4NmD11+MnqQOk 76Y9dtqUfwjqQin223FpX5f71XWafQtDo4yVJ0quB9GSa7UPbOQsymckw 0jqd/+VvJyLk0eMwo7xzNEBf5XJsh0Qez8VJhedbNkDBOeZeUIP+mAroJ 4fHsRX6ZkIxr0EiF+DTgZaitACh5A8iIMsG+CyXhRKUFNr4pXXnGvGwJm RydUaBL+QBxJTQ858ywNtfTrC01f7CtVH0+SQz0pE16A3JW018DA66XlM g==;
X-IronPort-AV: E=Sophos;i="5.36,234,1486378800"; d="scan'208";a="146053379"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.5 - Outgoing - Outgoing
Received: from uxcn13-tdc-d.uoa.auckland.ac.nz ([10.6.3.5]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 28 Mar 2017 12:57:35 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-d.UoA.auckland.ac.nz (10.6.3.5) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 28 Mar 2017 12:57:34 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Tue, 28 Mar 2017 12:57:34 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "denis bider (Bitvise)" <ietf-ssh3@denisbider.com>, Mouse <mouse@Rodents-Montreal.ORG>, "ietf-ssh@NetBSD.org" <ietf-ssh@NetBSD.org>
Subject: Re: Fixing exchange of host keys in the SSH key exchange
Thread-Topic: Fixing exchange of host keys in the SSH key exchange
Thread-Index: AQHSo6JCh/pnJs1+UUq8ewlt+ue/5qGhf50AgAOKXICAAIpbgIABd8WAgAExZamAACCUAIABBjdN
Date: Mon, 27 Mar 2017 23:57:34 +0000
Message-ID: <1490659054508.71711@cs.auckland.ac.nz>
References: <2216143EDEE342A3A5C9BB786F7FEF7A@Khan> <201703231224.IAA22091@Stone.Rodents-Montreal.ORG><589D55C2CF5942E9910482788CBDB445@Khan> <201703260243.WAA05983@Stone.Rodents-Montreal.ORG>, <B27F1BAE8F974449B6EE8B7DF50ED3A9@Khan> <1490595711031.1686@cs.auckland.ac.nz>, <BE0AC8D434BC4010842179F29664E7A7@Khan>
In-Reply-To: <BE0AC8D434BC4010842179F29664E7A7@Khan>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org
Precedence: list

denis bider (Bitvise) <ietf-ssh3@denisbider.com> writes:

>The obstacle seems to be getting people together. Those of us who’ve been
>around for 15 years may be on this mailing list. I’m not sure if this is true
>for authors of newer implementations, who might benefit from this information
>most.

We can't solve every possible problem with incompatibilities, but we can at
least get good coverage of a lot of them.  I think there are quite a few
oddball SSH implementations whose developers have never been on this list and
who we can't get to, but it can at least help those on the list.

Just thinking about this a bit more, we'd maybe need two things, a means of
discussing quirks of other implementations, and an (informal) registry of SSH
ID strings and who to contact if you find a problem with that ID, because
that's been another problem, "I've found a bug with X, who do I report it
to?".  Going through standard tech-support channels often doesn't work because
you're not a customer and there's no obvious way to get past the front-end
people to talk to a developer.

Peter.

v2.23.0 | Report a Bug | By Email