From owner-ietf-ssh@clinet.fi Wed Jul 5 23:26:50 2000
Date: Wed, 5 Jul 2000 15:26:46 -0400
From: "Richard E. Silverman"
To: SECSH Discussion List
Subject: comment in the 1.5 protocol spec

In the old RFC documenting the SSH-1.5 protocol, in the description of RSA
user authentication, there is the following:

  ... and the challenge put in the remaining bytes. This is then encrypted
  with the public key. (The padding and encryption algorithm is the same as
  that used for the session key.) The client decrypts the challenge using its
  private key, concatenates it with the session id, and computes an MD5
  checksum of the resulting 48 bytes. The MD5 output is returned as 16 bytes
  in a SSH_CMSG_AUTH_RSA_RESPONSE message. (Note that the MD5 is necessary to
  avoid chosen plaintext attacks against RSA; the session id binds it to a
  specific session.)

And this is indeed the way the current SSH1 software operates. I don't
understand the comment about MD5.
A chosen-plaintext attack would require the
client to be encrypting the server-chosen challenge with its private key, that
is, if it were returning a signature on an (unhashed) nonce. But in this case,
if the client simply returned the plaintext challenge, it would not be
revealing anything not already known to the server. An observer would obtain a
plaintext/ciphertext pair of the client's *public* key -- but so what?

Am I missing something?

- Richard

To: "Richard E. Silverman"
Cc: SECSH Discussion List
Subject: Re: comment in the 1.5 protocol spec
From: nisse@lysator.liu.se (Niels Möller)
Date: 06 Jul 2000 10:59:41 +0200

"Richard E. Silverman" writes:

> In the old RFC documenting the SSH-1.5 protocol, in the description of RSA
> user authentication, there is the following:
>
> ... and the challenge put in the remaining bytes. This is then encrypted
> with the public key. (The padding and encryption algorithm is the same as
> that used for the session key.) The client decrypts the challenge using its
> private key, concatenates it with the session id, and computes an MD5
> checksum of the resulting 48 bytes. The MD5 output is returned as 16 bytes
> in a SSH_CMSG_AUTH_RSA_RESPONSE message. (Note that the MD5 is necessary to
> avoid chosen plaintext attacks against RSA; the session id binds it to a

Protection against chosen-plaintext attacks on a public key cryptosystem
doesn't make much sense; anyone who knows the _public_ key can encrypt
any plaintext he likes. Perhaps the author really meant chosen
_cipher_-text attack or some such? On the other hand, I don't see how
the hashing makes any difference for chosen-ciphertext-attacks like the
attack on PKCS#1 a few years ago.

> specific session.)
>
> And this is indeed the way the current SSH1 software operates. I don't
> understand the comment about MD5. A chosen-plaintext attack would require the
> client to be encrypting the server-chosen challenge with its private key, that
> is, if it were returning a signature on an (unhashed) nonce.

Decrypting (as specified in the protocol) and signing is very similar,
from the point of view of someone trying to get to the private RSA
key. I think your phrase "encrypt something with the private key" is
a little confusing.

> But in this case, if the client simply returned the plaintext
> challenge, it would not be revealing anything not already known to
> the server.
> An observer would obtain a plaintext/ciphertext pair of
> the client's *public* key -- but so what?

I don't think you can assume that the plaintext is known to the server.
The server may have constructed the "encrypted challenge" it sends to
the client in some other way than encrypting a known value. He may
have got the challenge from eavesdropping on some other ssh session, or
he may be trying some chosen-cipher-text attack.

> Am I missing something?

If you were returning the plaintext challenge, you provide the world[1]
with a decryption oracle for your private key. That seems like an unwise
thing to do, no matter if there is any practical way to exploit it.

[1] Ok, not really the entire world; only the part of the world that
can trick you to try to connect to them using ssh1.

(I don't remember much of the ssh-1.5 protocol, so I may well be
missing some crucial context. I also think the ssh-1.5 protocol is
somewhat off-topic here).

Regards,
/Niels

Date: Thu, 6 Jul 2000 12:39:38 -0400 (EDT)
From: "Richard E. Silverman"
To: SECSH Discussion List
Subject: Re: comment in the 1.5 protocol spec

On 6 Jul 2000, Niels Möller wrote:

> Protection against chosen-plaintext attacks on a public key
> cryptosystem doesn't make much sense; anyone who knows the _public_
> key can encrypt any plaintext he likes.

Well, such protection makes sense in a crypto*system*, since a public-key
system contains private keys, and RSA is susceptible to chosen-plaintext
attacks. However, the second half of this sentence restates my point
exactly: I don't see how a chosen-plaintext attack applies in this
situation. Perhaps we mean the same thing.

> Decrypting (as specified in the protocol) and signing is very similar,
> from the point of view of someone trying to get to the private RSA
> key. I think your phrase "encrypt something with the private key" is
> a little confusing.

I don't see that they're similar at all. In the first, you get a
chosen-plaintext/ciphertext pair encrypted with the public key; in the
second, a pair from the private key. The first is useless since it is
publicly available knowledge; the second can provide valuable
information in recovering the private key.

> I don't think you can assume that the plaintext is known to the server.
> The server may have constructed the "encrypted challenge" it sends to
> the client in some other way than encrypting a known value. He may
> have got the challenge from eavesdropping on some other ssh session, or
> he may be trying some chosen-cipher-text attack.

This is a good point, thanks.

> If you were returning the plaintext challenge, you provide the world[1]
> with a decryption oracle for your private key.
> That seems like an unwise
> thing to do, no matter if there is any practical way to exploit it.

Ah, yes, I see; this is the real danger. If that key were used for
encryption as well as signing, outside of SSH -- say for encrypting data
files or email -- then this could be disastrous. I might be able to trick
SSH into decrypting the bulk key for a sealed document sent to you, just
by attempting to log in as you.

> I also think the ssh-1.5 protocol is somewhat off-topic here

The 1.5 protocol is in widespread use, much more widespread than 2.0.
Given that, and the fact that several people on this list work for SSH
Communications Security, which maintains the SSH1 software and distributes
the 1.5 protocol spec with it, I had assumed that correct understanding of
the 1.5 protocol would be a relevant topic for the secsh working group. If
it isn't, I apologize.

Nonetheless, thanks for your reply.

--
Richard Silverman
slade@shore.net
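
Added example (not part of any message in this archive, and not code from the SSH1 software): a toy Python model of the exchange discussed above, comparing the response the quoted spec text describes, MD5(challenge || session id), with the hypothetical client that returns the decrypted challenge itself. The key (two Mersenne primes, textbook RSA without the spec's padding), the 32-byte challenge / 16-byte session id split, and all function names and sample values are assumptions constructed for illustration.

```python
"""Toy model of the SSH-1.5 RSA authentication response (added example)."""
import hashlib
import hmac

# Constructed toy key: two Mersenne primes, textbook RSA with no padding.
# Illustration only: real keys are random and the spec pads the challenge.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

# Assumption: the "48 bytes" in the spec text are a 32-byte challenge
# followed by a 16-byte session id.
CHALLENGE_LEN, SESSION_ID_LEN = 32, 16


def encrypt_to_client(plaintext: bytes) -> int:
    """Public-key operation; anyone who knows the public key can do this."""
    m = int.from_bytes(plaintext, "big")
    if m >= N:
        raise ValueError("plaintext does not fit the modulus")
    return pow(m, E, N)


def private_op(ciphertext: int) -> int:
    """Private-key operation; only the key holder (the client) can do this."""
    if not 0 <= ciphertext < N:
        raise ValueError("ciphertext out of range")
    return pow(ciphertext, D, N)


def respond_plaintext(ciphertext: int) -> bytes:
    """Hypothetical client from the question: returns the decrypted value.

    Whatever the peer submits comes back decrypted, so the client acts as
    a decryption oracle for its key. SSH-1.5 does not do this.
    """
    m = private_op(ciphertext)
    return m.to_bytes(max(1, (m.bit_length() + 7) // 8), "big")


def respond_ssh15(ciphertext: int, session_id: bytes) -> bytes:
    """Client as in the quoted spec text: MD5(challenge || session_id)."""
    if len(session_id) != SESSION_ID_LEN:
        raise ValueError("session id must be 16 bytes")
    m = private_op(ciphertext)
    if m.bit_length() > 8 * CHALLENGE_LEN:
        # Not a 32-byte challenge: treat as a protocol error, return nothing.
        raise ValueError("decrypted value is not a 32-byte challenge")
    challenge = m.to_bytes(CHALLENGE_LEN, "big")
    return hashlib.md5(challenge + session_id).digest()


def server_verify(challenge: bytes, session_id: bytes, response: bytes) -> bool:
    """Server recomputes the digest from the challenge it generated."""
    expected = hashlib.md5(challenge + session_id).digest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # All values below are constructed sample data.
    session_a = hashlib.md5(b"constructed session A").digest()
    session_b = hashlib.md5(b"constructed session B").digest()
    challenge = hashlib.sha256(b"constructed challenge").digest()
    response = respond_ssh15(encrypt_to_client(challenge), session_a)

    # A value encrypted to the same key for another purpose (the "bulk key
    # for a sealed document" in the thread), submitted as if a challenge.
    bulk_key = bytes(range(0x41, 0x61))
    foreign = encrypt_to_client(bulk_key)
    hashed = respond_ssh15(foreign, session_a)

    try:
        respond_ssh15(encrypt_to_client(b"\x01" * 40), session_a)
        oversized_rejected = False
    except ValueError:
        oversized_rejected = True

    return {
        "login_ok": server_verify(challenge, session_a, response),
        "response_valid_in_other_session":
            server_verify(challenge, session_b, response),
        "plaintext_client_returns_bulk_key":
            respond_plaintext(foreign) == bulk_key,
        "ssh15_returns_only_digest":
            hashed == hashlib.md5(bulk_key + session_a).digest()
            and len(hashed) == 16,
        "oversized_rejected": oversized_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hashed response can be recomputed only by a party that already knows both the decrypted value and the session id, so it confirms possession of the private key without handing back the result of the private-key operation.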

To: "Richard E. Silverman"
Cc: SECSH Discussion List
Subject: Re: comment in the 1.5 protocol spec
From: nisse@lysator.liu.se (Niels Möller)
Date: 07 Jul 2000 11:43:31 +0200

"Richard E. Silverman" writes:

> On 6 Jul 2000, Niels Möller wrote:
>
> > Decrypting (as specified in the protocol) and signing is very similar,
> > from the point of view of someone trying to get to the private RSA
> > key. I think your phrase "encrypt something with the private key" is
> > a little confusing.
>
> I don't see that they're similar at all. In the first, you get a
> chosen-plaintext/ciphertext pair encrypted with the public key; in the
> second, a pair from the private key. The first is useless since it is
> publicly available knowledge; the second can provide valuable
> information in recovering the private key.

As I see it, there are two games one can play with an RSA-subsystem:

1. Choose a message, and operate upon it using the public key.

2. Choose a message, and operate upon it using the private key (most
   likely by asking someone who knows the private key to do the actual
   operation).

As the "operation" here, I'm primarily thinking of the exponentiation;
if the chosen message is hashed before the exponentiation, we get a
third game that is quite different.

Game 1 is trivial, in the sense that there is no point to try to guard
against it: If one can break RSA by playing game 1, the conclusion is
that the public keys must be kept secret, which kind of breaks the
entire point of using RSA as a public-key cryptosystem.

Game 2 is more interesting. A setup where you sign arbitrary messages
(without hashing; i.e. "encrypting with the private key"), or where you
decrypt arbitrary alleged cryptotexts (as in the ssh1-spec, if the
hashing step is omitted), both allow an attacker to play game 2. It is
in this sense that a signing oracle and a decryption oracle are
similar. Perhaps we're just using different language.

> Ah, yes, I see; this is the real danger. If that key were used for
> encryption as well as signing, outside of SSH -- say for encrypting data
> files or email -- then this could be disastrous. I might be able to trick
> SSH into decrypting the bulk key for a sealed document sent to you, just
> by attempting to log in as you.

One could perhaps also use it for a real-time MITM attack on an
unrelated ssh session; this may be difficult to mount in practice but
it would still be a very serious protocol flaw.

> > I also think the ssh-1.5 protocol is somewhat off-topic here
>
> The 1.5 protocol is in widespread use, much more widespread than 2.0.
> Given that, and the fact that several people on this list work for SSH
> Communications Security, which maintains the SSH1 software and distributes
> the 1.5 protocol spec with it, I had assumed that correct understanding of
> the 1.5 protocol would be a relevant topic for the secsh working group. If
> it isn't, I apologize.

Ok, I see your point. Perhaps I'm the only member on the list that
doesn't have much familiarity or interest in ssh-1 details. In fact,
if I read this discussion as "how to use RSA for authentication"
rather than "why does ssh-1 do things this particular way", I do find
it interesting. So please disregard my complaint.

Regards,
/Niels

Date: Fri, 07 Jul 2000 16:54:35 -0400
To: "Richard E. Silverman"
From: RJ Atkinson
Subject: Re: comment in the 1.5 protocol spec
Cc: SECSH Discussion List

At 12:39 06/07/00 , Richard E. Silverman wrote:
>This message uses a character set that is not supported by the Internet
>Service. To view the original message content, open the attached
>message. If the text doesn't display correctly, save the attachment to
>disk, and then open it using a viewer that can display the original
>character set. [attachment deleted]

The above is a totally unacceptable outcome for email sent to any IETF
mailing list. IETF mailing lists ought only to have plain-text email
with MIME-compliant headers and body and International Standard
character sets.
For IETF mailing lists, one has to assume that the mail
is being read on some TTY/video-terminal and cannot assume Windows is
on everyone's desktop.

Please resend the original note using a MIME-compliant
encoding of an International Standard character set
(e.g. US-ASCII, ISO-646, ISO-8859-X).

Thanks very much,

Ran
rja@inet.org

Date: Fri, 7 Jul 2000 18:20:43 -0400 (EDT)
From: "Richard E. Silverman"
To: RJ Atkinson
cc: SECSH Discussion List
Subject: Re: comment in the 1.5 protocol spec

On Fri, 7 Jul 2000, RJ Atkinson wrote:

> At 12:39 06/07/00 , Richard E. Silverman wrote:
> >This message uses a character set that is not supported by the Internet
> >Service. To view the original message content, open the attached
> >message.
> >If the text doesn't display correctly, save the attachment to
> >disk, and then open it using a viewer that can display the original
> >character set. [attachment deleted]

This is incorrect. I did not write this, nor was that text part of the
message I sent, nor was there an attachment. The message as it left my
system was plain-text and not MIME-multipart. The text you quote, and the
message structure, were introduced elsewhere on its path to you. If I had
to guess, I'd say your mail reader (Eudora) did it, in response to the
character set issue.

When Niels sent his first reply, it was technically malformatted (at least
according to my understanding of the relevant RFCs): it contained an 8-bit
ISO-8859-1 character (o-umlaut) in the From: header (his last name),
without using RFC-1522 encoding. Since I quoted his name in my reply, my
mail reader marked the message:

  Content-Type: TEXT/PLAIN; charset=X-UNKNOWN

I have since reset it to mark messages with an unknown character set as
ISO-8859-1 instead, which will probably work most of the time for
typically broken messages.

> ... and cannot assume Windows is on everyone's desktop.

I don't know where you got this from; I use Pine under Linux.

> Please resend the original note using a MIME-compliant
> encoding of an International Standard character set
> (e.g. US-ASCII, ISO-646, ISO-8859-X).

Fine.

--
Richard Silverman
slade@shore.net

Date: Fri, 7 Jul 2000 18:35:31 -0400 (EDT)
From: "Richard E. Silverman"
To: SECSH Discussion List
Subject: Re: comment in the 1.5 protocol spec (RESENT)

On 6 Jul 2000, Niels Möller wrote:

> Protection against chosen-plaintext attacks on a public key
> cryptosystem doesn't make much sense; anyone who knows the _public_
> key can encrypt any plaintext he likes.

Well, such protection makes sense in a crypto*system*, since a public-key
system contains private keys, and RSA is susceptible to chosen-plaintext
attacks. However, the second half of this sentence restates my point
exactly: I don't see how a chosen-plaintext attack applies in this
situation. Perhaps we mean the same thing.

> Decrypting (as specified in the protocol) and signing is very similar,
> from the point of view of someone trying to get to the private RSA
> key. I think your phrase "encrypt something with the private key" is
> a little confusing.

I don't see that they're similar at all. In the first, you get a
chosen-plaintext/ciphertext pair encrypted with the public key; in the
second, a pair from the private key. The first is useless since it is
publicly available knowledge; the second can provide valuable
information in recovering the private key.

> I don't think you can assume that the plaintext is known to the server.
> The server may have constructed the "encrypted challenge" it sends to
> the client in some other way than encrypting a known value. He may
> have got the challenge from eavesdropping on some other ssh session, or
> he may be trying some chosen-cipher-text attack.

This is a good point, thanks.

> If you were returning the plaintext challenge, you provide the world[1]
> with a decryption oracle for your private key. That seems like an unwise
> thing to do, no matter if there is any practical way to exploit it.

Ah, yes, I see; this is the real danger. If that key were used for
encryption as well as signing, outside of SSH -- say for encrypting data
files or email -- then this could be disastrous. I might be able to trick
SSH into decrypting the bulk key for a sealed document sent to you, just
by attempting to log in as you.

> I also think the ssh-1.5 protocol is somewhat off-topic here

The 1.5 protocol is in widespread use, much more widespread than 2.0.
Given that, and the fact that several people on this list work for SSH
Communications Security, which maintains the SSH1 software and distributes
the 1.5 protocol spec with it, I had assumed that correct understanding of
the 1.5 protocol would be a relevant topic for the secsh working group. If
it isn't, I apologize.

Nonetheless, thanks for your reply.

--
Richard Silverman
slade@shore.net

Date: Fri, 07 Jul 2000 18:42:14 -0400
To: "Richard E. Silverman"
From: RJ Atkinson
Subject: Re: comment in the 1.5 protocol spec
Cc: SECSH Discussion List

At 18:20 07/07/00 , Richard E. Silverman wrote:
> Since I quoted his name in my reply, my mail reader marked the message:
>
>   Content-Type: TEXT/PLAIN; charset=X-UNKNOWN

Thanks for the detailed clarification.

>I have since reset it to mark messages with an unknown character set as
>ISO-8859-1 instead, which will probably work most of the time for
>typically broken messages.

Great. Thanks very much.

> > ... and cannot assume Windows is on everyone's desktop.
>
>I don't know where you got this from; I use Pine under Linux.

I made an educated guess, which turned out to be wrong. :-(

This turns out to be a really really widespread problem lately.
The most common cause (by far) is folks stuck using MS-Exchange,
which often sends mail using some weird non-ISO, non-ASCII
proprietary character set.

Thanks,

Ran

Date: Fri, 14 Jul 2000 15:57:24 -0400
From: "Govind Vinjamuri"
To: ietf-ssh@clinet.fi
Subject: ssh nad root

Does anyone know the flag for disabling root ssh login

thanks only if you have a solution, just kidding.

Gov

From: "Calvin Bebermeyer"
To: "Govind Vinjamuri"
Subject: RE: ssh nad root
Date: Fri, 14 Jul 2000 21:15:17 -0500

yes we do ...

PermitRootLogin no

Calvin Bebermeyer
2000-2001 MU-ACM Program Chair
calvinb@acm.org

-----Original Message-----
From: owner-ietf-ssh@clinet.fi [mailto:owner-ietf-ssh@clinet.fi]On
Behalf Of Govind Vinjamuri
Sent: Friday, July 14, 2000 2:57 PM
To: ietf-ssh@clinet.fi
Subject: ssh nad root

Does anyone know the flag for disabling root ssh login

thanks only if you have a solution, just kidding.

Gov

From: "Perry E. Metzger"
To: ietf-ssh@clinet.fi
Subject: New working group chair
Date: 20 Jul 2000 11:58:05 -0400

I'm pleased to announce that Bill Sommerfeld (sommerfeld@east.sun.com)
will be taking over from me as working group chair.

As everyone has doubtless noticed, the documents have been languishing
for quite some time. This has largely been because I've been too busy
to devote enough effort to pushing the work product out the door.

Many of you know Bill from his long time association with other IETF
working groups, especially in the security area. He is eminently
qualified for this role, both from the viewpoint of technical
expertise and temperament, and I'm very happy that he has agreed to
take on the task of seeing the working group through to completion.

Welcome aboard, Bill, and thanks for taking the baton!

--
Perry E. Metzger perry@wasabisystems.com
--
Quality NetBSD Sales, Support & Service.
http://www.wasabisystems.com/

From: Bill Sommerfeld
To: ietf-ssh@clinet.fi
Subject: secsh meeting in pittsburgh: call for agenda items.
Reply-to: sommerfeld@east.sun.com
Date: Thu, 20 Jul 2000 13:47:41 -0400

As Perry mentioned, I've been persuaded to take over as working group
chair.

I've arranged for this working group to meet at the Pittsburgh IETF;
according to the current schedule, we'll be meeting Wednesday
afternoon at 1pm.
We need an agenda for the meeting, so I'll shortly be going through back traffic to this mailing list looking for any open issues/problems with the existing drafts.

If there are topics you believe should be discussed in the meeting, please let me know; in the interests of getting the core secsh documents moving again, priority will be given to discussions of the existing drafts.

It is my hope that we can start the documents on their way through last calls and on their way to the IESG shortly after the Pittsburgh meeting.

Now would be a good time for folks to do a careful review of the four existing drafts:

    draft-ietf-secsh-architecture-05.txt
    draft-ietf-secsh-transport-07.txt
    draft-ietf-secsh-userauth-07.txt
    draft-ietf-secsh-connect-07.txt

Please send comments to this list.

Thanks for your time,

    - Bill

From owner-ietf-ssh@clinet.fi Sun Jul 23 03:26:52 2000
From: Sami Lehtinen
Date: Sun, 23 Jul 2000 02:20:11 +0300 (EEST)
To: sommerfeld@east.sun.com
Cc: ietf-ssh@clinet.fi, ylo@ssh.fi
Subject:
secsh meeting in pittsburgh: call for agenda items.

Bill Sommerfeld, on July 20. 2000, wrote:

: Now would be a good time for folks to do a careful review of the four
: existing drafts:
:
:     draft-ietf-secsh-architecture-05.txt
:     draft-ietf-secsh-transport-07.txt
:     draft-ietf-secsh-userauth-07.txt
:     draft-ietf-secsh-connect-07.txt
:
: Please send comments to this list.

As Markus Friedl, Niels Möller and I have already commented on this list, I will be removing the unnecessary ``length'' fields from the certificate and public key encoding. It will also be removed from the encoded signature. This is because the signatures and public keys are encoded as strings in all the messages they are used.

This change will only affect the transport draft.

Regards,
--
[sjl@ssh.com -- Sami J.
Lehtinen -- sjl@iki.fi]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp http://www.ssh.com/]

From owner-ietf-ssh@clinet.fi Mon Jul 24 01:34:46 2000
Date: Sun, 23 Jul 2000 17:35:49 -0400
To: Sami Lehtinen
From: RJ Atkinson
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Cc: ietf-ssh@clinet.fi, ylo@ssh.fi

At 19:20 22/07/00 , Sami Lehtinen wrote:
>As Markus Friedl, Niels Möller and I have already commented on this
>list, I will be removing the unnecessary ``length'' fields from the
>certificate and public key encoding.
>It will also be removed from the
>encoded signature. This is because the signatures and public keys are
>encoded as strings in all the messages they are used.
>
>This change will only affect the transport draft.

Ought this not receive broader WG discussion before being made ?

At least in theory this is an open IETF standard, rather than the private specification of SSH Communications Security... :-)

Ran
rja@inet.org

From owner-ietf-ssh@clinet.fi Mon Jul 24 18:27:37 2000
Date: Mon, 24 Jul 2000 00:40:13 +0300 (EET DST)
From: Tatu Ylonen
To: sommerfeld@east.sun.com
Cc: Sami Lehtinen, ietf-ssh@clinet.fi
Subject: secsh meeting in pittsburgh: call for agenda
items.
Organization: SSH Communications Security, Finland

I'm writing a draft on Kerberos V5 support in SSH2, and would like to have a short presentation/discussion on that at the meeting.

The general idea is very simple:

Two new authentication methods, "kerberos" and "kerberos-tgt", plus allowing the user name passed in the authentication protocol to be in the form "@", in addition to just user name.

The "kerberos" method passes a "host" ticket, whereas the "kerberos-tgt" passes a ticket granting ticket. The only method-specific field in the authentication packets is a string containing the ticket.

If "user@realm" syntax is used for the user name, it should be mapped to a local name.

The "password" method should also check for kerberos passwords.

If successfully authenticating using either "kerberos-tgt" or "password" (using kerberos passwords), the ticket granting ticket should be stored in the user's credentials cache (as if kinit had been done for the user).

I should have the draft ready in a couple of days (or maybe even later today), and I will send it to this list before the IETF.
    Tatu

--
SSH Communications Security    http://www.ssh.com/
SSH IPSEC Toolkit              http://www.ipsec.com/
SSH(R) Secure Shell(TM)        http://www.ssh.com/ssh

From owner-ietf-ssh@clinet.fi Mon Jul 24 19:00:12 2000
Date: Mon, 24 Jul 2000 10:41:29 -0400
To: RJ Atkinson
From: RJ Atkinson
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Cc: Sami Lehtinen, ietf-ssh@clinet.fi, ylo@ssh.fi

>At 19:20 22/07/00 , Sami Lehtinen wrote:
>
> >As Markus Friedl, Niels Möller and I have already commented on this
> >list, I will be removing the unnecessary ``length'' fields from the
> >certificate and public key encoding. It will also be removed from the
> >encoded signature. This is because the signatures and public keys are
> >encoded as strings in all the messages they are used.
> >
> >This change will only affect the transport draft.

I'll try again and maybe be more clear.

Various folks (including my employer and its myriad customers) have already SHIPPED and DEPLOYED SSHv2, therefore changing the protocol on the wire is highly undesirable at this point in time. If we are merely sending data that isn't needed, but is not actually incorrect or harmful, we probably ought not be changing the spec (and thereby removing what interoperability exists at present).

There are more than 3 implementers at this point, so ALL changes ought to go through a normal IETF "propose to the mailing list", "list discusses proposal", then "document is changed if and only if there is clear consensus to make the change" process.

Generally speaking, the goal at this point ought to be to AVOID changing the protocol, though updating documents to reflect the as-built, as-shipped, as-deployed protocol would obviously be useful and a good thing.
If there is a specific flaw in the currently specified protocol, then that ought to be outlined before the WG (as a whole, not one or two individuals) so the group collective can figure out how to proceed.

All IMHO.

Ran
rja@inet.org

From owner-ietf-ssh@clinet.fi Mon Jul 24 18:59:55 2000
From: Sami Lehtinen
Date: Mon, 24 Jul 2000 17:47:48 +0300 (EEST)
To: Tatu Ylonen
Cc: RJ Atkinson, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.

Tatu Ylonen, on July 24.
2000, wrote:

[length field in signatures and certificate/public key encoding]

: > Ought this not receive broader WG discussion before being made ?
: >
: > At least in theory this is an open IETF standard, rather than
: > the private specification of SSH Communications Security... :-)
:
: Markus is working on OpenSSH, and Niels is doing the GNU LSH
: implementation. Neither of them works for SSH Communications
: Security. In any case, this *is* the secsh WG mailing list... :-)

Also, the change has already been discussed here at length. If you (RJ) have differing views, please post them to the list.

--
[sjl@ssh.com -- Sami J. Lehtinen -- sjl@iki.fi]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp http://www.ssh.com/]

From owner-ietf-ssh@clinet.fi Mon Jul 24 23:08:49 2000
From: Sami Lehtinen
Date: Mon, 24 Jul 2000 17:58:58 +0300 (EEST)
To: RJ Atkinson
Cc: ietf-ssh@clinet.fi, ylo@ssh.com
Subject: Re: secsh meeting in pittsburgh: call for agenda items.

RJ Atkinson, on July 24. 2000, wrote:

: Various folks (including my employer and its myriad
: customers) have already SHIPPED and DEPLOYED SSHv2, therefore
: changing the protocol on the wire is highly undesirable at
: this point in time. If we are merely sending data that isn't
: needed, but is not actually incorrect or harmful, we probably
: ought not be changing the spec (and thereby removing what
: interoperability exists at present).
:
: There are more than 3 implementers at this point,
: so ALL changes ought to go through a normal IETF "propose to
: the mailing list", "list discusses proposal", then "document
: is changed if and only if there is clear consensus to make
: the change" process.

These have already been established, though I don't know whether you have access to those messages. The change hasn't yet been made, as the responsible person for this change (=me) was on vacation.

: Generally speaking, the goal at this point ought to be
: to AVOID changing the protocol, though updating documents to
: reflect the as-built, as-shipped, as-deployed protocol would
: obviously be useful and a good thing.
: If there is a specific
: flaw in the currently specified protocol, then that ought to
: be outlined before the WG (as a whole, not one or two individuals)
: so the group collective can figure out how to proceed.

Okay, let's see. LSH and OpenSSH and our SSH implementation (from v.2.2.0) follow the more "logical" style, ie. the length field is omitted.

That means, if the draft isn't changed, at least 3 implementors will have to change their implementation.

--
[sjl@ssh.com -- Sami J. Lehtinen -- sjl@iki.fi]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp http://www.ssh.com/]

From owner-ietf-ssh@clinet.fi Mon Jul 24 19:09:54 2000
Date: Mon, 24 Jul 2000 11:02:01 -0400
To: Sami Lehtinen
From: RJ Atkinson
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Cc: ietf-ssh@clinet.fi

At 10:47 24/07/00 , Sami Lehtinen wrote:
>Also, the change has already been discussed here at length. If you
>(RJ) have differing views, please post them to the list.

I'll assume that those emails didn't reach me due to some SMTP weirdness. Any road, I haven't seen them. I've forgotten where the list archive lives, maybe someone can throw me a clue privately ? :-)

I do object to changing the protocol on the wire because it adversely impacts what interoperability exists at present. I have commit access to an SSHv2 implementation that has already shipped and is in daily (hourly ?) use by customers.
Ran
rja@inet.org

From owner-ietf-ssh@clinet.fi Mon Jul 24 19:26:05 2000
Date: Mon, 24 Jul 2000 11:18:25 -0400
To: Sami Lehtinen
From: RJ Atkinson
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Cc: ietf-ssh@clinet.fi

At 10:58 24/07/00 , Sami Lehtinen wrote:
>Okay, let's see. LSH and OpenSSH and our SSH implementation (from
>v.2.2.0) follow the more "logical" style, ie. the length field is
>omitted.
>
>That means, if the draft isn't changed, at least 3 implementors will
>have to change their implementation.
I'll rescind the objection if this is merely changing the document to reflect the majority of the running code (as the above seems to indicate). This was not clear in earlier comments that I have seen.

Given that I'm not receiving all of the notes from the list and my other correspondents aren't indicating that they are having trouble reaching me, maybe we could migrate the list over to ietf.org ? This would also have the side-effect of making the list auto-archived with the archive accessible via web from www.ietf.org.

Reactions ?

Ran
rja@inet.org

From owner-ietf-ssh@clinet.fi Mon Jul 24 19:42:26 2000
Date: Mon, 24 Jul 2000 11:39:20 -0400 (EDT)
From: Dug Song
To: Tatu Ylonen
Cc: sommerfeld@east.sun.com, Sami Lehtinen, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.

On Mon, 24 Jul 2000, Tatu Ylonen wrote:

> I'm writing a draft on Kerberos V5 support in SSH2, and would like to
> have a short presentation/discussion on that at the meeting.

quick question - has any consideration been given to GSS as an authentication mechanism for SSH2? this is how krb5 support is actually implemented in FTP (via SASL), RPC (via RPCSEC_GSS), etc.

the Globus folks have a GSS patch for ssh-1.2.27, if you're interested in how this might work:

    ftp://ftp.ncsa.uiuc.edu/aces/gssapi-ssh/

-d.

---
http://www.monkey.org/~dugsong/

From owner-ietf-ssh@clinet.fi Mon Jul 24 20:42:59 2000
From: Bill Sommerfeld
To: Sami Lehtinen
cc: "Richard E. Silverman", SECSH Discussion List
Subject: Re: "ssh-rsa" public-key type
Reply-to: sommerfeld@east.sun.com
Date: Mon, 24 Jul 2000 12:22:45 -0400

> "ssh-rsa" is supposed to be added to the draft as soon as the patent
> expires.

There's no particular reason to do this; certainly the patent issues have not stopped other wg's from publishing specs for how to use RSA encryption/signatures.

As far as I'm concerned, the time to add this to the draft is right now.

Even if you're concerned about patent issues, given the built-in time delays in the last-calls, IESG queue, and RFC Editor queue, etc., etc. if we were to start the WG last-call on the documents right now, there's no way they'd be published as RFC's until after the patent expiration.

If the final spec differs from existing practice, we may need to change the name of the "ssh-rsa" to avoid interoperability problems with existing implementations.

Other opinions?
    - Bill

From owner-ietf-ssh@clinet.fi Mon Jul 24 23:15:19 2000
Date: Mon, 24 Jul 2000 13:07:13 -0500
From: "Douglas E. Engert"
Reply-To: deengert@anl.gov
Organization: Argonne National Laboratory
To: Tatu Ylonen
CC: sommerfeld@east.sun.com, Sami Lehtinen, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.

Tatu Ylonen wrote:
>
> I'm writing a draft on Kerberos V5 support in SSH2, and would like to
> have a short presentation/discussion on that at the meeting.

Have you also considered a GSSAPI authentication, rather than Kerberos directly? (We talked briefly at the RSA conference last spring on this.)

Would you also like to say a few words at the new Kerberos WG on Wednesday 1530? Let me know if you would.

>
> The general idea is very simple:
>
> Two new authentication methods, "kerberos" and "kerberos-tgt", plus
> allowing the user name passed in the authentication protocol to be in
> the form "@", in addition to just user name.
>
> The "kerberos" method passes a "host" ticket, whereas the
> "kerberos-tgt" passes a ticket granting ticket. The only
> method-specific field in the authentication packets is a string
> containing the ticket.
>
> If "user@realm" syntax is used for the user name, it should be mapped
> to a local name.
>
> The "password" method should also check for kerberos passwords.
>
> If successfully authenticating using either "kerberos-tgt" or
> "password" (using kerberos passwords), the ticket granting ticket
> should be stored in the user's credentials cache (as if kinit had been
> done for the user).
>
> I should have the draft ready in a couple of days (or maybe even later
> today), and I will send it to this list before the IETF.
>
>     Tatu
>
> --
> SSH Communications Security    http://www.ssh.com/
> SSH IPSEC Toolkit              http://www.ipsec.com/
> SSH(R) Secure Shell(TM)        http://www.ssh.com/ssh
>
> Jeffrey Altman * Sr.Software Designer
> The Kermit Project * Columbia University
> 612 West 115th St * New York, NY * 10025 * USA
> http://www.kermit-project.org/ * kermit-support@kermit-project.org

--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

From owner-ietf-ssh@clinet.fi Mon Jul 24 23:13:44 2000
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
From: Niels Provos
In-Reply-To: Bill Sommerfeld, Thu, 20 Jul 2000 13:47:41 EDT
To: sommerfeld@east.sun.com
Cc: ietf-ssh@clinet.fi
Date: Mon, 24 Jul 2000 14:57:52 -0400
Message-Id: <20000724185752.B1DE3207C1@citi.umich.edu>
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 493
Lines: 13

In message <200007201747.e6KHlfJ117017@thunk.east.sun.com>, Bill Sommerfeld writes:
>We need an agenda for the meeting, so I'll shortly be going through
>back traffic to this mailing list looking for any open issues/problems

Markus Friedl, Bill Simpson and I authored a draft on

"Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"

It is available as draft-provos-secsh-dh-group-exchange-00.txt, and
we would like the working group to consider it.

Regards,
Niels Provos.

From owner-ietf-ssh@clinet.fi Tue Jul 25 02:38:04 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id CAA11234 for ; Tue, 25 Jul 2000 02:38:04 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id CAA11881 for ; Tue, 25 Jul 2000 02:38:03 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id BAA19327 for ietf-ssh-outgoing; Tue, 25 Jul 2000 01:36:21 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id BAA19324 for ; Tue, 25 Jul 2000 01:36:19 +0300
Received: from eastmail2.East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA23324 for ; Mon, 24 Jul 2000 15:36:17 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail2.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id SAA23719 for ; Mon, 24 Jul 2000 18:36:16 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1]) by
thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6OMZsS100807 for ; Mon, 24 Jul 2000 18:35:54 -0400 (EDT)
Message-Id: <200007242235.e6OMZsS100807@thunk.east.sun.com>
From: Bill Sommerfeld
To: ietf-ssh@clinet.fi
Subject: multiple implementations..
In-reply-to: Your message of "Mon, 24 Jul 2000 10:41:29 EDT." <4.2.0.58.20000724103533.0096f550@avarice.inner.net>
Reply-to: sommerfeld@east.sun.com
Date: Mon, 24 Jul 2000 18:35:54 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 774
Lines: 19

{working group chair hat on}:

while this isn't the case for the change which sparked this (there appears to be consensus that the proposed change to delete the duplicate length field is appropriate), I'll underline what Ran just said:

There are more than 3 implementers at this point, so ALL changes ought to go through a normal IETF "propose to the mailing list", "list discusses proposal", then "document is changed if and only if there is clear consensus to make the change" process.

I am personally aware of several other sshv2 implementations besides the 3 everyone knows about (SSH, Inc, LSH, and openssh).

I'm sure there are others; it would be useful to hear from other SSHv2 protocol implementors if they have something to say..

- Bill

From owner-ietf-ssh@clinet.fi Tue Jul 25 02:39:16 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id CAA11252 for ; Tue, 25 Jul 2000 02:39:16 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id CAA11897 for ; Tue, 25 Jul 2000 02:39:15 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id BAA19417 for ietf-ssh-outgoing; Tue, 25 Jul 2000 01:38:50 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id BAA19414 for ; Tue, 25 Jul 2000 01:38:49 +0300
Received: from eastmail2.East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA24347; Mon, 24 Jul 2000 15:38:41 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail2.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id SAA24120; Mon, 24 Jul 2000 18:38:40 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1]) by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6OMcIS100825; Mon, 24 Jul 2000 18:38:18 -0400 (EDT)
Message-Id: <200007242238.e6OMcIS100825@thunk.east.sun.com>
From: Bill Sommerfeld
To: Tatu Ylonen
cc: sommerfeld@east.sun.com, Sami Lehtinen , ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
In-reply-to: Your message of "Mon, 24 Jul 2000 00:40:13 +0300." <200007232140.AAA16672@torni.hel.fi.ssh.com>
Reply-to: sommerfeld@east.sun.com
Date: Mon, 24 Jul 2000 18:38:18 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 318
Lines: 9

> I should have the draft ready in a couple of days (or maybe even later
> today), and I will send it to this list before the IETF.

Since we're already past the internet-drafts deadline for this meeting, there's no need to go to extreme lengths to rush this out the door before the pittsburgh meeting..

- Bill

From owner-ietf-ssh@clinet.fi Tue Jul 25 07:09:08 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id HAA25347 for ; Tue, 25 Jul 2000 07:09:08 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id HAA22055 for ; Tue, 25 Jul 2000 07:09:07 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id GAA30914 for ietf-ssh-outgoing; Tue, 25 Jul 2000 06:13:24 +0300
Received: from taka.swcp.com (taka.swcp.com [198.59.115.12]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id GAA30910 for ; Tue, 25 Jul 2000 06:13:22 +0300
Received: from viper2 (dpm4-04.swcp.com [204.134.5.197]) by taka.swcp.com (8.10.0.Beta12/8.10.0.Beta12) with SMTP id e6P3J7H06950 for ; Mon, 24 Jul 2000 21:19:07 -0600 (MDT)
Message-ID: <000401bff5e8$a4261440$0201a8c0@vandyke.com>
From: "Jeff P. Van Dyke"
To:
References: <200007201747.e6KHlfJ117017@thunk.east.sun.com>
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Date: Mon, 24 Jul 2000 21:29:58 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 739
Lines: 33

Bill Sommerfeld, on July 20.
2000, wrote:

> Now would be a good time for folks to do a careful review of the four
> existing drafts:
>
> draft-ietf-secsh-architecture-05.txt
> draft-ietf-secsh-transport-07.txt
> draft-ietf-secsh-userauth-07.txt
> draft-ietf-secsh-connect-07.txt

draft-ietf-secsh-connect-07.txt currently includes a reference to
SSH-AGENT:

4.4. Authentication Agent Forwarding

It is RECOMMENDED that authentication agent forwarding is allowed even
when either or both parties do not support the SSH authentication agent
protocol [SSH-AGENT].

Does this document exist? If so, where can I download a copy?

If not, what are the current plans to address this?

Thank you.

Jeff P. Van Dyke
jpv@vandyke.com

From owner-ietf-ssh@clinet.fi Tue Jul 25 07:53:07 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id HAA27820 for ; Tue, 25 Jul 2000 07:53:07 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id HAA24332 for ; Tue, 25 Jul 2000 07:52:57 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id GAA32303 for ietf-ssh-outgoing; Tue, 25 Jul 2000 06:51:44 +0300
Received: from taka.swcp.com (taka.swcp.com [198.59.115.12]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id GAA32300 for ; Tue, 25 Jul 2000 06:51:43 +0300
Received: from viper2 (dpm4-04.swcp.com [204.134.5.197]) by taka.swcp.com (8.10.0.Beta12/8.10.0.Beta12) with SMTP id e6P3vSH13234 for ; Mon, 24 Jul 2000 21:57:28 -0600 (MDT)
Message-ID: <009001bff5ed$ff93bdf0$0201a8c0@vandyke.com>
From: "Jeff P.
Van Dyke"
To:
References: <200007241622.e6OGMjS100462@thunk.east.sun.com>
Subject: Re: "ssh-rsa" public-key type
Date: Mon, 24 Jul 2000 22:08:19 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 939
Lines: 31

> > "ssh-rsa" is supposed to be added to the draft as soon as the patent
> > expires.
>
> There's no particular reason to do this; certainly the patent issues
> have not stopped other wg's from publishing specs for how to use RSA
> encryption/signatures.
>
> As far as I'm concerned, the time to add this to the draft is right
> now.
>
> Even if you're concerned about patent issues, given the built-in time
> delays in the last-calls, IESG queue, and RFC Editor queue, etc., etc.
> if we were to start the WG last-call on the documents right now,
> there's no way they'd be published as RFC's until after the patent
> expiration.
>
> If the final spec differs from existing practice, we may need to
> change the name of the "ssh-rsa" to avoid interoperability problems
> with existing implementations.
>
> Other opinions?

I would like to see "ssh-rsa" added to the next revision of the draft.

Jeff P.
Van Dyke
jpv@vandyke.com

From owner-ietf-ssh@clinet.fi Tue Jul 25 10:31:47 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id KAA05551 for ; Tue, 25 Jul 2000 10:31:46 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id KAA06833 for ; Tue, 25 Jul 2000 10:31:45 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id IAA04987 for ietf-ssh-outgoing; Tue, 25 Jul 2000 08:23:53 +0300
Received: from nimbus.anzio.com (IDENT:ras@nimbus.anzio.com [204.201.253.34]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id IAA04981 for ; Tue, 25 Jul 2000 08:23:51 +0300
Received: from localhost (ras@localhost) by nimbus.anzio.com (8.8.7/8.8.7) with ESMTP id WAA01562 for ; Mon, 24 Jul 2000 22:22:06 -0700
Date: Mon, 24 Jul 2000 22:22:05 -0700 (PDT)
From: Bob Rasmussen
To: ietf-ssh@clinet.fi
Subject: Getting started with SSH
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 667
Lines: 24

Greetings,

Since I'm about to dive headlong into SSH, I wonder if some of you folks could answer a couple of basic questions:

1. Is the SSH protocol 1 published anywhere, online or on paper?

2. Where is information about this meeting in Pittsburgh?

3. Would anyone care to summarize the status of trademark, patent, copyright, etc. issues re. version 1; version 2?

Thanks in advance.

--
Regards,
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras@anzio.com
company e-mail: rsi@anzio.com
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
web: http://www.anzio.com

From owner-ietf-ssh@clinet.fi Tue Jul 25 19:37:27 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id TAA24313 for ; Tue, 25 Jul 2000 19:37:27 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id TAA24150 for ; Tue, 25 Jul 2000 19:37:26 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id SAA13109 for ietf-ssh-outgoing; Tue, 25 Jul 2000 18:19:41 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id SAA13104 for ; Tue, 25 Jul 2000 18:19:36 +0300
Received: from eastmail1.East.Sun.COM ([129.148.1.240]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id IAA12184 for ; Tue, 25 Jul 2000 08:19:25 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id LAA13453; Tue, 25 Jul 2000 11:19:21 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1]) by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6PFIxS101060; Tue, 25 Jul 2000 11:18:59 -0400 (EDT)
Message-Id: <200007251518.e6PFIxS101060@thunk.east.sun.com>
From: Bill Sommerfeld
To: "Jeff P. Van Dyke"
cc: ietf-ssh@clinet.fi
Subject: authentication agent forwarding.
In-reply-to: Your message of "Mon, 24 Jul 2000 21:29:58 MDT." <000401bff5e8$a4261440$0201a8c0@vandyke.com>
Reply-to: sommerfeld@east.sun.com
Date: Tue, 25 Jul 2000 11:18:58 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 918
Lines: 26

> draft-ietf-secsh-connect-07.txt currently includes a reference to
> SSH-AGENT:
>
> 4.4.
Authentication Agent Forwarding
>
> It is RECOMMENDED that authentication agent forwarding is allowed even
> when either or both parties do not support the SSH authentication agent
> protocol [SSH-AGENT].

Good catch. There's also a reference to agent forwarding in the architecture draft.

>From a process standpoint, we cannot have unresolved external references in the document.. this reference needs to be resolved, or the references removed from the documents, before they can be advanced into the standards track.

My personal opinion is that there should be a fifth draft to describe the SSHv2 authentication agent forwarding protocol, plus external references to the SSHv1 agent protocol.

> If not, what are the current plans to address this?

The document editors will need to answer this.

- Bill

From owner-ietf-ssh@clinet.fi Wed Jul 26 18:41:43 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id SAA21190 for ; Wed, 26 Jul 2000 18:41:43 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id SAA26409 for ; Wed, 26 Jul 2000 18:41:42 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id RAA01963 for ietf-ssh-outgoing; Wed, 26 Jul 2000 17:18:40 +0300
Received: from ssh.com (fw.hel.fi.ssh.com [193.64.193.124]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id RAA01957 for ; Wed, 26 Jul 2000 17:18:40 +0300
Received: from torni.hel.fi.ssh.com (torni.hel.fi.ssh.com [10.1.0.43]) by ssh.com (8.9.3/8.9.3/SSH-1.16) with ESMTP id RAA12386 for ; Wed, 26 Jul 2000 17:18:40 +0300 (EEST)
Received: (from sshlist@localhost) by torni.hel.fi.ssh.com (8.9.3/8.9.3/SSH-1.17) id RAA29872 for ietf-ssh@clinet.fi; Wed, 26 Jul 2000 17:18:39 +0300 (EET DST)
Received: (from jhm@localhost) by picard.cistron.nl (8.9.3/8.9.3/Debian 8.9.3-6) id
SAA01511 for ietf-ssh@clinet.fi; Tue, 25 Jul 2000 18:48:43 +0200
Date: Tue, 25 Jul 2000 18:48:43 +0200
From: "J.H.M. Dassen (Ray)"
To: ietf-ssh@clinet.fi
Subject: Re: Getting started with SSH
Message-ID: <20000725184843.A647@cistron.nl>
Mail-Followup-To: ietf-ssh@clinet.fi
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.0.1i
In-Reply-To: ; from ras@anzio.com on Mon, Jul 24, 2000 at 10:22:05PM -0700
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1652
Lines: 40

On Mon, Jul 24, 2000 at 22:22:05 -0700, Bob Rasmussen wrote:
> Since I'm about to dive headlong into SSH, I wonder if some of you folks
> could answer a couple of basic questions:
>
> 1. Is the SSH protocol 1 published anywhere, online or on paper?

The SSH1 source, e.g. OpenSSH's, includes a draft protocol in nroff format.

> 3. Would anyone care to summarize the status of trademark, patent,
> copyright, etc. issues re. version 1; version 2?

Please distinguish between the protocol and the implementation.

Depending on your location, there may be patent issues regarding the RSA and IDEA algorithms used by SSH1. (RSA is primarily a problem in the US; IDEA primarily in Europe). The SSH2 protocol has been designed so as not to require use of patented algorithms (IIRC, it requires Diffie-Hellman rather than RSA and an unencumbered block cipher (3DES?) rather than IDEA).

The copyright status varies per implementation: neither SSH1 nor SSH2 are free software (in the Debian/GNU/OpenSource sense). OpenSSH is a free software implementation of the SSH1 protocol for Un*x systems that has recently been modified to handle the SSH2 protocol as well. lsh is a free software implementation of the SSH2 protocol for Un*x systems. PuTTY is a free software implementation of the SSH1 protocol for MS-Windows systems. There are several other implementations; I'm unfamiliar with their licensing terms.

HTH,
Ray
--
UNFAIR Term applied to advantages enjoyed by other people which we tried to cheat them out of and didn't manage. See also DISHONESTY, SNEAKY, UNDERHAND and JUST LUCKY I GUESS.
- The Hipcrime Vocab by Chad C. Mulligan

From owner-ietf-ssh@clinet.fi Tue Jul 25 23:59:49 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id XAA06067 for ; Tue, 25 Jul 2000 23:59:49 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id XAA10338 for ; Tue, 25 Jul 2000 23:59:43 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id WAA27622 for ietf-ssh-outgoing; Tue, 25 Jul 2000 22:36:38 +0300
Received: from gungnir.fnal.gov (gungnir.fnal.gov [131.225.80.1]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id WAA27619 for ; Tue, 25 Jul 2000 22:36:34 +0300
Received: from gungnir.fnal.gov (localhost [127.0.0.1]) by gungnir.fnal.gov (8.9.1/8.9.1) with ESMTP id OAA25809; Tue, 25 Jul 2000 14:36:19 -0500 (CDT)
Message-Id: <200007251936.OAA25809@gungnir.fnal.gov>
To: Tatu Ylonen
Cc: sommerfeld@east.sun.com, Sami Lehtinen , ietf-ssh@clinet.fi
From: "Matt Crawford"
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
In-reply-to: Your message of Mon, 24 Jul 2000 00:40:13 +0300. <200007232140.AAA16672@torni.hel.fi.ssh.com>
Date: Tue, 25 Jul 2000 14:36:18 -0500
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1149
Lines: 26

> The "kerberos" method passes a "host" ticket, whereas the
> "kerberos-tgt" passes a ticket granting ticket. The only
> method-specific field in the authentication packets is a string
> containing the ticket.

OK, I'm stumped. How does the ssh server check the validity of a TGT? By getting a host ticket for itself from the KDC? Then it must have a service principal.
And if it has that, why not just require the client to get the host-specific service ticket first? It already had to do a TGS exchange with the KDC in order to "forward" the TGT. It looks like you're encouraging the client to pass its credential to a server it can't have authenticated (by Kerberos) yet.

> If successfully authenticating using either "kerberos-tgt" or
> "password" (using kerberos passwords), the ticket granting ticket
> should be stored in the user's credentials cache (as if kinit had been
> done for the user).

Can't you provide a way for the client to *optionally* forward its TGT after mutual client-server authentication has been done?

Matt Crawford

(Now I'll have to look at the ietf-ssh archive to see if this has already been answered.)

From owner-ietf-ssh@clinet.fi Wed Jul 26 01:10:06 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id BAA09741 for ; Wed, 26 Jul 2000 01:10:06 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id BAA14040 for ; Wed, 26 Jul 2000 01:10:05 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id XAA31746 for ietf-ssh-outgoing; Tue, 25 Jul 2000 23:50:33 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id XAA31734 for ; Tue, 25 Jul 2000 23:50:31 +0300
Received: from eastmail1.East.Sun.COM ([129.148.1.240]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA29912 for ; Tue, 25 Jul 2000 13:50:29 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id QAA01027 for ; Tue, 25 Jul 2000 16:50:28 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1]) by thunk.east.sun.com (8.10.2+Sun/8.10.2)
with ESMTP id e6PKo6S103405 for ; Tue, 25 Jul 2000 16:50:06 -0400 (EDT)
Message-Id: <200007252050.e6PKo6S103405@thunk.east.sun.com>
From: Bill Sommerfeld
To: ietf-ssh@clinet.fi
Subject: we now have a mail archive.
Reply-to: sommerfeld@east.sun.com
Date: Tue, 25 Jul 2000 16:50:06 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 398
Lines: 13

This WG has been without a mailing list archive for a while; this has now been corrected.

Posts to this list sent on or after 21 July 2000 are now archived in files within:

ftp://ftp.ietf.org/ietf-mail-archive/secsh/

If anyone has been privately archiving the list, I'd appreciate it if you can make your archive available so that we can fill in the history of the group.

Thanks.

- Bill

From owner-ietf-ssh@clinet.fi Wed Jul 26 03:10:54 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id DAA13518 for ; Wed, 26 Jul 2000 03:10:53 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id DAA18970 for ; Wed, 26 Jul 2000 03:10:52 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id BAA05439 for ietf-ssh-outgoing; Wed, 26 Jul 2000 01:54:33 +0300
Received: from folly.informatik.uni-erlangen.de (muedi6-212-144-216-028.arcor-ip.net [212.144.216.28]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id BAA05432 for ; Wed, 26 Jul 2000 01:54:20 +0300
Received: by folly.informatik.uni-erlangen.de (Postfix, from userid 31451) id 0283314C9; Wed, 26 Jul 2000 00:49:58 +0200 (CEST)
Date: Wed, 26 Jul 2000 00:49:58 +0200
From: Markus Friedl
To: RJ Atkinson
Cc: Sami Lehtinen , ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Message-ID: <20000726004958.E25606@folly.informatik.uni-erlangen.de>
References: <200007232156.AAA18723@torni.hel.fi.ssh.com> <200007201747.e6KHlfJ117017@thunk.east.sun.com> <87aefc23qq.fsf@snark.piermont.com> <14714.11307.410023.751051@asgard.tky.hut.fi> <4.2.0.58.20000723173237.0097b100@avarice.inner.net> <200007232156.AAA18723@torni.hel.fi.ssh.com> <14716.22292.55071.340992@asgard.tky.hut.fi> <4.2.0.58.20000724105942.00973bf0@avarice.inner.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="z6Eq5LdranGa6ru8"
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 1.0.1i
In-Reply-To: <4.2.0.58.20000724105942.00973bf0@avarice.inner.net>; from rja@inet.org on Mon, Jul 24, 2000 at 11:02:01AM -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 4829
Lines: 138

--z6Eq5LdranGa6ru8
Content-Type: text/plain; charset=us-ascii

On Mon, Jul 24, 2000 at 11:02:01AM -0400, RJ Atkinson wrote:
> I do object to changing the protocol on the wire because
> it adversely impacts what interoperability exists at present.

i don't consider this a 'change of the protocol on the wire'. the current draft is just ambiguous and inconsistent, see my previous e-mail.

-markus

--z6Eq5LdranGa6ru8
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Date: Mon, 22 May 2000 00:13:41 +0200
From: Markus Friedl
To: =?iso-8859-1?Q?Niels_M=F6ller?=
Cc: ietf-ssh@clinet.fi, psst@net.lut.ac.uk, Sami Lehtinen , niels@openbsd.org, deraadt@openbsd.org
Subject: Re: ssh-dss signatures
Message-ID: <20000522001341.A360@folly.informatik.uni-erlangen.de>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from nisse@lysator.liu.se on Sun, May 21, 2000 at 10:26:35PM +0200

Hello,

On Sun, May 21, 2000 at 10:26:35PM +0200, Niels Möller wrote:
> Sami Lehtinen notified me of a bug in LSH's implementation of ssh-dss
> signatures.
As I would like to have my interpretation of the spec
> confirmed, and as I suspect that also openssh may have the same
> problem (as it manages to interoperate with LSH), I'm writing to the
> WG list.
>
> The transport draft, draft-ietf-secsh-transport-07.txt, defines an
> ssh-dss signature as
>
>   uint32 length
>   string "ssh-dss"
>   string dss_signature_blob

The first field is omitted by OpenSSH as well as by SecureCRT and from my experiments with other implementations of SSH2 it seems that ssh-2.1.0 and ssh-2.0.13 both omit everything but dss_signature_blob not even the size of the dss_signature_blob is included.

IMHO, the redundant field uint32 length seems inconsistent with the overall design of all other parts of the SSH2 specification so I would strongly support the change of the signature specification to

  string "ssh-dss"
  string dss_signature_blob

Moreover, from reading the drafts now again it seems to me that the above mentioned (redundant) uint32 length is identical to the uint32 length field from the "string signature of H".

Similar to this is the definition for "ssh-dss" from the same transport draft:

  uint32 length
  string "ssh-dss"
  mpint p
  mpint q
  mpint g
  mpint y

In all implementations that I could test (ssh-2.1.0, ssh-2.0.13, lsh, SecureCRT, OpenSSH) the specified (redundant) length field is _never_ sent across the wire. e.g., in SSH_MSG_KEXDH_REPLY length field from the string string K_S, the host key is again identical to the length field from the "ssh-dss" definition.

> The problem is the first field, which LSH omits. The signature is used
> for instance inside the SSH_MSG_KEXDH_REPLY message,
>
>   byte SSH_MSG_KEXDH_REPLY
>   string server public host key and certificates (K_S)
>   mpint f
>   string signature of H
>
> In LSH, this message looks something like this:
>
>   SSH_MSG_KEXDH_REPLY (byte)
>   length of host key (uint32)
>   host key data (byte array)
>   length of f
>   digits of f
> * length of signature (i.e.
all below)
>   7 (length of "ssh-dss")
>   "ssh-dss" (7 bytes)
>   length of signature blob (usually 40, and always even)
>   r digits (usually 20 bytes)
>   s digits (usually 20 bytes, but always the same length as for r)

This is the same encoding OpenSSH generates and expects. SecureCRT expects the same format and it seems consistent with their overall design (there is never an explicit length field, only 'string'-type data has length fields).

And again: I would strongly favour the removal of the redundant length fields from the drafts since:

1) They are not useful at all. Why should n bytes of data be encoded as:
     uint32 n+4
     uint32 n
     n bytes data
2) There is no public implementation of the drafts that includes the redundant length field so
3) Requiring the length field breaks all public implementations of the drafts. This would hurt the acceptance of SSH2 much, since it adds yet another layer of incompatibility.

> The extra length field is totally redundant here (and I believe it is
> equally redundant in all other places where an ssh-dss signature is
> used). I'm about to add it in LSH now, in order to comply with the
> draft, but I would also like the WG to give some consideration to
> removing the redundant length field in the definition of the ssh-dss
> signature.

As I said before, I see no reason why the length field is in the drafts and I even think it refers to the length field from the string encoding.

-markus

--z6Eq5LdranGa6ru8--

From owner-ietf-ssh@clinet.fi Wed Jul 26 03:31:40 2000
Return-Path:
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45]) by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id DAA14538 for ; Wed, 26 Jul 2000 03:31:40 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id DAA19730 for ; Wed, 26 Jul 2000 03:31:39 +0200 (MET DST)
Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id CAA06865 for ietf-ssh-outgoing; Wed, 26 Jul 2000 02:19:49 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id CAA06862 for ; Wed, 26 Jul 2000 02:19:47 +0300
Received: from eastmail1.East.Sun.COM ([129.148.1.240]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id QAA00684 for ; Tue, 25 Jul 2000 16:19:43 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id TAA24340; Tue, 25 Jul 2000 19:19:36 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1]) by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6PNJDS103611; Tue, 25 Jul 2000 19:19:13 -0400 (EDT)
Message-Id: <200007252319.e6PNJDS103611@thunk.east.sun.com>
From: Bill Sommerfeld
To: Niels Provos
cc: sommerfeld@east.sun.com, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
In-reply-to: Your message of "Mon, 24 Jul 2000 14:57:52 EDT."
<20000724185752.B1DE3207C1@citi.umich.edu>
Reply-to: sommerfeld@east.sun.com
Date: Tue, 25 Jul 2000 19:19:13 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1001
Lines: 24

> Markus Friedl, Bill Simpson and I authored a draft on
>
> "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"
>
> It is available as draft-provos-secsh-dh-group-exchange-00.txt, and
> we would like the working group to consider it.

The document starts with the statement:

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026, except that the right to produce derivative works is not granted.

Given that derivative works may not be produced, this document cannot form the basis of a potential standards track document, and it would thus not be appropriate to devote meeting time to discussing it.

If there is other interest in this area, I can set aside some time for general discussion of DH parameter negotiation within the SSHv2 protocol, but unless you and your co-authors agree to change this clause in your document, someone else will have to write a new draft which is not derived from yours.

- Bill
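
The three on-the-wire layouts of an ssh-dss signature described in Markus Friedl's forwarded "ssh-dss signatures" message above (the string pair that LSH, OpenSSH and SecureCRT exchange, the draft's form with the extra uint32 length, and the bare blob reported for ssh-2.1.0 and ssh-2.0.13), as an added Python example that is not part of any message in this archive and is not code from any of the implementations named. Function names and the sample r and s values are constructed for illustration, and the extra uint32 is assumed, as in that message's "uint32 n+4, uint32 n, n bytes data", to be the length of the bytes that follow it.

```python
from __future__ import annotations

import struct

KEY_TYPE = b"ssh-dss"
BLOB_LEN = 40  # r and s, 20 bytes each ("usually 40" in the message above)

# Constructed sample values, not a real signature.
R = bytes(range(1, 21))
S = bytes(range(21, 41))


class WireError(ValueError):
    """Raised when a field does not parse exactly, with nothing left over."""


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' type: uint32 big-endian length, then that many bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int) -> tuple[bytes, int]:
    """Read one SSH string at off; return (payload, offset after it)."""
    if len(buf) - off < 4:
        raise WireError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise WireError("length exceeds remaining data")
    return buf[off:off + n], off + n


def encode_string_pair(r: bytes, s: bytes) -> bytes:
    """string "ssh-dss" + string blob: the layout LSH and OpenSSH send."""
    return ssh_string(KEY_TYPE) + ssh_string(r + s)


def encode_draft_literal(r: bytes, s: bytes) -> bytes:
    """The same pair preceded by the draft's extra uint32 length."""
    body = encode_string_pair(r, s)
    return struct.pack(">I", len(body)) + body


def _parse_pair(buf: bytes) -> tuple[bytes, bytes]:
    """Strictly parse string "ssh-dss" + string blob; reject any slack."""
    name, off = read_string(buf, 0)
    if name != KEY_TYPE:
        raise WireError("unexpected algorithm name")
    blob, off = read_string(buf, off)
    if off != len(buf):
        raise WireError("trailing bytes after signature blob")
    if len(blob) != BLOB_LEN:
        raise WireError("signature blob is not 40 bytes")
    return blob[:20], blob[20:]


def parse_signature_field(field: bytes) -> tuple[str, bytes, bytes]:
    """Classify the payload of 'string signature of H'; return (layout, r, s).

    field is what remains after the outer string length has been removed.
    """
    try:
        r, s = _parse_pair(field)
        return "string-pair", r, s
    except WireError:
        pass
    if len(field) >= 4:
        (n,) = struct.unpack_from(">I", field, 0)
        if n == len(field) - 4:  # extra length must cover exactly the rest
            try:
                r, s = _parse_pair(field[4:])
                return "draft-literal", r, s
            except WireError:
                pass
    if len(field) == BLOB_LEN:
        return "bare-blob", field[:20], field[20:]
    raise WireError("not a recognised ssh-dss signature layout")


if __name__ == "__main__":
    for payload in (encode_string_pair(R, S),
                    encode_draft_literal(R, S),
                    R + S):
        layout, _, _ = parse_signature_field(payload)
        # Outer string length as it would appear in SSH_MSG_KEXDH_REPLY.
        print(f"{layout:14s} payload={len(payload)} bytes, "
              f"outer prefix={ssh_string(payload)[:4].hex()}")
```

A receiver that accepts more than one layout should still reject anything that does not parse to the last byte, as `parse_signature_field` does, so that a length mismatch is an error rather than a guess.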