Re: SSH key algorithm updates
"Mark D. Baushke" <mdb@juniper.net> Sat, 31 October 2015 16:52 UTC
To: Jeffrey Hutzelman <jhutz@cmu.edu>
CC: denis bider <ietf-ssh3@denisbider.com>, ietf-ssh@NetBSD.org, nisse@lysator.liu.se, stephen.farrell@cs.tcd.ie, jon@siliconcircus.com
Subject: Re: SSH key algorithm updates
In-Reply-To: <1446228753.32676.1.camel@destiny.pc.cs.cmu.edu>
References: <1297540000-2044@skroderider.denisbider.com> <51845.1446188002@eng-mail01.juniper.net> <1446228753.32676.1.camel@destiny.pc.cs.cmu.edu>
Comments: In-reply-to: Jeffrey Hutzelman <jhutz@cmu.edu> message dated "Fri, 30 Oct 2015 14:12:33 -0400."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sat, 31 Oct 2015 09:52:36 -0700
Message-ID: <26715.1446310356@eng-mail01.juniper.net>
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org

Hi Jeff,

> > Or, is this better left to another RFC? Perhaps moving the Ed25519
> > algorithm created by
> >
> > https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-00
> >
> > into a MUST algorithm while deprecating "ssh-dss" for SSH?
>
> That's an unfinished, -00 version internet draft from CFRG. It's
> probably too soon to use it as the basis for an SSH public key algorithm
> at all, let alone make such an algorithm mandatory to implement. Once
> the document is ready, we can start with OPTIONAL, and consider
> upgrading when the algorithm has proven itself and is reasonably widely
> implemented in SSH.

Hmmm.... OpenSSH has implemented an ssh-ed25519 and B. Harris has
written:

    https://tools.ietf.org/html/draft-bjh21-ssh-ed25519-02

I am not sure how closely the IRTF Ed25519 and ssh-ed25519
implementations match, but I suspect it may be relevant to discuss both
drafts and the SSH protocol sooner rather than later.

Regarding your table:

> enc MAY ??? 4345 arcfour128
> enc MAY ??? 4345 arcfour256

To the best of my understanding, these use CBC and I suggest

    enc MAY SHOULD NOT 4345 arcfour128
    enc MAY SHOULD NOT 4345 arcfour256

Regarding additional ciphers while the door is open. How about RFC7539
ChaCha and Poly1305? OpenSSH has implemented

    chacha20-poly1305@openssh.com

The way that RFC5647 was written seems to not have been widely adopted
although OpenSSH did implement

    aes128-gcm@openssh.com and aes256-gcm@openssh.com

which are very similar.

It might be nice to actually come up with a 'standards' track document
dealing with AEAD ciphers and SSH and see if there is a better way to
negotiate it within the existing framework of SSH's separation of MAC
and Cipher. For example, maybe MAC=AEAD and
Cipher=aes-gcm,chacha20-poly1305 would make more sense in the
negotiation?

It would be useful to see what other protocols various SSH implementers
have been adding and see if there is a desire to move any of them into a
recommended or optional standard.

There is also the possibility of encrypt-then-mac kinds of MAC choices
to try to avoid attacks against block ciphers which are either
mac-then-encrypt or AEAD.

fwiw: I would have no problem with an ssh-rsa-sha2 pk.

	-- Mark
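
[Added example, not part of the original message and not code from any SSH implementation.] The sketch below illustrates the negotiation problem the message raises about AEAD ciphers and SSH's separate cipher and MAC lists: RFC 4253 picks each list independently, so an AEAD cipher can end up paired with an unrelated MAC unless the MAC list is ignored, which is what OpenSSH documents for its `@openssh.com` AEAD names. The name-lists, the `IMPLICIT` marker and the function names are constructed for illustration.

```python
# Added illustration: not taken from the message or from any SSH implementation.
AEAD = {"AEAD_AES_128_GCM", "AEAD_AES_256_GCM",            # RFC 5647 names
        "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
        "chacha20-poly1305@openssh.com"}
IMPLICIT = "<implicit>"  # marker used here for "integrity comes from the cipher"


def pick(client, server):
    """RFC 4253 rule: first name on the client's list that the server also offers."""
    return next((name for name in client if name in server), None)


def negotiate(client, server, ignore_mac_for_aead):
    """Return (cipher, mac) for one direction.

    ignore_mac_for_aead=False treats the two name-lists independently.
    ignore_mac_for_aead=True skips the MAC list once an AEAD cipher is chosen.
    """
    enc = pick(client["enc"], server["enc"])
    if enc is None:
        raise ValueError("no common cipher")
    if ignore_mac_for_aead and enc in AEAD:
        return enc, IMPLICIT
    mac = pick(client["mac"], server["mac"])
    if mac is None:
        raise ValueError("no common MAC")
    return enc, mac


def consistent(enc, mac):
    """AEAD cipher needs an implicit or identically named MAC; others need a real MAC."""
    if enc in AEAD:
        return mac in (IMPLICIT, enc)
    return mac not in AEAD and mac != IMPLICIT


# Constructed name-lists (not captured traffic): both sides support the AEAD
# name on both lists, but the client orders its MAC list differently.
CLIENT = {"enc": ["AEAD_AES_128_GCM", "aes128-ctr"],
          "mac": ["hmac-sha2-256", "AEAD_AES_128_GCM"]}
SERVER = {"enc": ["aes128-ctr", "AEAD_AES_128_GCM"],
          "mac": ["AEAD_AES_128_GCM", "hmac-sha2-256"]}

if __name__ == "__main__":
    for flag in (False, True):
        enc, mac = negotiate(CLIENT, SERVER, flag)
        print(flag, enc, mac, "ok" if consistent(enc, mac) else "MISMATCH")
```
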