[Ssh] Re: New draft: draft-miller-sshm-strict-kex

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 12 November 2025 01:44 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Damien Miller <djm@mindrot.org>, Loganaden Velvindron <loganaden@gmail.com>
Date: Wed, 12 Nov 2025 01:44:38 +0000
Message-ID: <ME0P300MB0713A24246E20C0CABC7477BEECCA@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM>
References: <c4d033ca-85c9-b16d-5939-51435f888b27@mindrot.org> <2f0cb470-f7fe-4344-a847-890f8ea8811d@rub.de> <6e19fdc4-2234-9ea4-08a7-2f5a5640cc48@mindrot.org> < CAOp4FwSGA16qKCaNx4qQAWGVnxv5dLyrbBG7Psb5ZAPxq91E8g%mail.gmail.com@mailhub.eait.uq.edu.au> <f1dce2fe-1f23-35f7-7a6b-5fd25bd09fc7@mindrot.org>
In-Reply-To: <f1dce2fe-1f23-35f7-7a6b-5fd25bd09fc7@mindrot.org>
CC: Fabian Bäumer <fabian.baeumer@rub.de>, "ssh@ietf.org" <ssh@ietf.org>
List-Id: "The SSH mail list will allow discussions on improving aspects of the Secure Shell (SSH) protocol." <ssh.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ssh/OrVjODeKPLEqS7m79Po-Tg5AKEk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ssh>

Damien Miller <djm@mindrot.org> writes:

>Strict KEX improves the properties of the key exchange regardless of the
>transport cipher/MAC, so IMO it's highly desirable.

It's also so tricky to implement that it's incredibly hard to get right; see
"Finding SSH Strict Key Exchange Violations by State Learning", where only two
of the implementations they tested didn't contain strict KEX violations (one of
them was OpenSSH).  And those were significant public implementations, not the
long tail of less-visible SSH implementations, which are likely to be much worse.

Based on the data we have I think it's safe to assume that the strict KEX
band-aid doesn't work in practice because it's too difficult to get right.

>At some point in the future, OpenSSH will warn when strict KEX is not offered
>by the peer

What will it do if the peer doesn't offer the vulnerable mechanism that needs
the strict KEX band-aid in the first place?

Peter.
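The three rules that make up strict KEX (KEXINIT must be the first packet, no non-KEX messages between KEXINIT and NEWKEYS, sequence numbers reset to zero after NEWKEYS) are what the state-learning paper cited above found implementations getting wrong. The following toy model, added here for illustration and not code from the draft, from OpenSSH or from either correspondent, shows what a compliant receiver enforces and what a non-strict receiver silently accepts. The SSH message numbers are the RFC 4253 values and the kex-strict pseudo-algorithm names are the ones the draft registers; the StrictKexMonitor class, its method names, the packet lists and the warning policy at the end are constructed assumptions. That policy models the question Peter raises: it warns only when the negotiated transport mode is one of those the Terrapin work showed to depend on strict KEX (ChaCha20-Poly1305, or a CBC cipher with an encrypt-then-MAC MAC); the message itself does not name those modes, so that mapping is mine, not the thread's.

```python
"""Toy model of SSH strict key exchange ("strict KEX") receive-side enforcement.

Added example; not code from draft-miller-sshm-strict-kex, OpenSSH or the
message above.  Message numbers are the RFC 4253 values; the monitor class,
the packet lists and warning_for() are constructed for this example.
"""
from dataclasses import dataclass, field

SSH_MSG_IGNORE = 2
SSH_MSG_DEBUG = 4
SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_KEXDH_INIT = 30
SSH_MSG_KEXDH_REPLY = 31

# The only message types a strict-KEX peer accepts between KEXINIT and NEWKEYS.
KEX_MESSAGES = {SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY}

KEX_STRICT_CLIENT = "kex-strict-c-v00@openssh.com"
KEX_STRICT_SERVER = "kex-strict-s-v00@openssh.com"


def strict_kex_negotiated(client_kex_algs, server_kex_algs):
    """Strict KEX is in effect only if the client listed the client flag and
    the server listed the server flag in their KEXINIT kex-algorithm lists."""
    return KEX_STRICT_CLIENT in client_kex_algs and KEX_STRICT_SERVER in server_kex_algs


class StrictKexViolation(Exception):
    pass


@dataclass
class StrictKexMonitor:
    """Receive-side state of one peer: whether a key exchange is in progress
    and the sequence number the next incoming packet must carry."""
    strict: bool
    in_kex: bool = False
    recv_seq: int = 0
    first_packet: bool = True
    accepted: list = field(default_factory=list)

    def receive(self, msg_type):
        seq = self.recv_seq
        if self.strict:
            # Rule 1: the first packet of the connection must be KEXINIT.
            if self.first_packet and msg_type != SSH_MSG_KEXINIT:
                raise StrictKexViolation("first packet is not KEXINIT")
            # Rule 2: no non-KEX messages (not even IGNORE/DEBUG) during KEX.
            if self.in_kex and msg_type not in KEX_MESSAGES:
                raise StrictKexViolation(f"message {msg_type} during KEX")
        self.first_packet = False
        if msg_type == SSH_MSG_KEXINIT:
            self.in_kex = True
        self.accepted.append((msg_type, seq))
        self.recv_seq += 1
        if msg_type == SSH_MSG_NEWKEYS:
            self.in_kex = False
            if self.strict:
                # Rule 3: sequence numbers restart at zero after NEWKEYS, so the
                # count of packets seen during KEX no longer carries into the
                # encrypted phase and cannot be quietly adjusted there.
                self.recv_seq = 0
        return seq


def run_handshake(packets, strict):
    """Feed a client's view of the server's packets to a monitor.
    Returns (ok, reason, sequence number expected for the next packet)."""
    mon = StrictKexMonitor(strict=strict)
    try:
        for msg in packets:
            mon.receive(msg)
    except StrictKexViolation as exc:
        return False, str(exc), mon.recv_seq
    return True, "ok", mon.recv_seq


# Constructed server-to-client packet streams.
CLEAN_HANDSHAKE = [SSH_MSG_KEXINIT, SSH_MSG_KEXDH_REPLY, SSH_MSG_NEWKEYS]
# Same handshake with an SSH_MSG_IGNORE inside the KEX: a non-strict receiver
# consumes it (and a sequence number), a strict receiver must disconnect.
HANDSHAKE_WITH_IGNORE = [SSH_MSG_KEXINIT, SSH_MSG_IGNORE, SSH_MSG_KEXDH_REPLY, SSH_MSG_NEWKEYS]


def needs_strict_kex(cipher, mac):
    """Transport modes the Terrapin analysis showed to depend on strict KEX
    (assumption of this example; the thread does not name them)."""
    return cipher == "chacha20-poly1305@openssh.com" or (
        cipher.endswith("-cbc") and mac.endswith("-etm@openssh.com"))


def warning_for(peer_offers_strict, cipher, mac):
    """One possible answer to the policy question in the thread: warn only when
    strict KEX is absent AND the negotiated mode actually needs it."""
    if peer_offers_strict:
        return None
    if needs_strict_kex(cipher, mac):
        return "peer lacks strict KEX and the negotiated transport mode needs it"
    return "peer lacks strict KEX (negotiated transport mode does not depend on it)"
```

Running run_handshake(HANDSHAKE_WITH_IGNORE, strict=True) returns a violation at the IGNORE, while the same stream with strict=False is accepted and ends with the next expected sequence number one higher than the clean handshake; that silently shifted count is exactly what rule 3 removes from the post-NEWKEYS phase.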