IETF Logo Mail Archive

Re: [saag] Using ED25519 in SSHFP Resource Records - draft-moonesamy-sshfp-ed25519-01

Tony Finch <dot@dotat.at> Fri, 28 March 2014 19:07 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33CD31A078A for <saag@ietfa.amsl.com>; Fri, 28 Mar 2014 12:07:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wJDLRL2lI2jc for <saag@ietfa.amsl.com>; Fri, 28 Mar 2014 12:07:10 -0700 (PDT)
Received: from ppsw-41.csi.cam.ac.uk (ppsw-41-v6.csi.cam.ac.uk [IPv6:2001:630:212:8::e:f41]) by ietfa.amsl.com (Postfix) with ESMTP id 1A5721A094E for <saag@ietf.org>; Fri, 28 Mar 2014 12:07:09 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-1.csi.cam.ac.uk ([131.111.8.51]:40711) by ppsw-41.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.157]:25) with esmtpa (EXTERNAL:fanf2) id 1WTc78-0000ZZ-RA (Exim 4.82_3-c0e5623) (return-path <fanf2@hermes.cam.ac.uk>); Fri, 28 Mar 2014 19:06:50 +0000
Received: from fanf2 by hermes-1.csi.cam.ac.uk (hermes.cam.ac.uk) with local id 1WTc78-0000Eo-BS (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Fri, 28 Mar 2014 19:06:50 +0000
Date: Fri, 28 Mar 2014 19:06:50 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-1.csi.cam.ac.uk
To: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <6.2.5.6.2.20140327104428.0d056f58@resistor.net>
Message-ID: <alpine.LSU.2.00.1403281857280.31260@hermes-1.csi.cam.ac.uk>
References: <6.2.5.6.2.20140204112023.0aec4c90@elandsys.com> <23AC0B40-66B5-468C-B96D-17B52F1F42A4@checkpoint.com> <530A45F8.1010202@cs.tcd.ie> <530AB805.1060308@redhat.com> <6.2.5.6.2.20140327104428.0d056f58@resistor.net>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Archived-At: http://mailarchive.ietf.org/arch/msg/saag/rFzvbu4d0nav8ZS-_mrL7Mv5YyE
Cc: saag@ietf.org
Subject: Re: [saag] Using ED25519 in SSHFP Resource Records - draft-moonesamy-sshfp-ed25519-01
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Mar 2014 19:07:12 -0000

> http://tools.ietf.org/html/draft-moonesamy-sshfp-ed25519-01

Excellent. This document fills a notable gap.

> I'll submit another draft for specifying SHA-256 in general.  There would have
> to be some guidance about not using SHA-1.

Ace.

On a tangent...

Do you know what the situation is wrt standardized ssh certificate
authentication? A colleague of mine found an awkward interop bug in
OpenSSH which allows a server offering certificate authentication to
make the client skip SSHFP authentication.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Trafalgar: Cyclonic 5 to 7, occasionally gale 8 in west, becoming variable 3
or 4 later in east. Very rough in west, otherwise moderate or rough. Rain or
showers. Moderate or good, occasionally poor.

v2.23.0 | Report a Bug | By Email