IETF-SSH archive


minutes/wg status



The Secure Shell (secsh) WG met on Monday, July 15th at the 54th IETF
meeting in Yokohama, Japan.

There was very little business; the bulk of the time was spent on
status updates; we wrapped up in about 20 minutes. 

The core drafts went through IETF-wide last call.  One issue was
raised by IANA (regarding initial state of SSH registries); this will
be dealt with by adding a fifth "assigned numbers" draft, which will
be revised and then last-called shortly.  The core documents are now
under discussion in the IESG (along with, at last report, 50-odd other
documents from other working groups -- they're busy folks).

Three more documents went through WG last call and are ready to go to
IETF-wide last call:
	- Keyboard-interactive
	- DH Group exchange
	- Public key file format 

Unfortunately, the PK file format draft has expired and will need to
be re-cycled.

The SSH fingerprint format draft appears to be uncontroversial and
thus ready for WG last call.

The following documents are "real close"; expect a WG last call once
the next rev comes out:

	 SSH Protocol Assigned Numbers (intended to resolve IANA issues)
	 GSSAPI (author just missed the publication deadline for this IETF)

Two more still require work:

	Agent forwarding (insufficient detail to implement)
	File Transfer (expired, needs to be resurrected)

----

Current discussion of the assigned-numbers document turned up two issues:

 - Per-sub-protocol ranges (key exchange and user auth) are
mechanism-specific, so there is no need for IANA to manage subranges

 - des-cbc should be added as a (deprecated) encryption algorithm
since a few folks have implemented it, to document the use of the string.

----

Crypto revisions:

There was a message from Tadayoshi Kohno, regarding an analysis he and
others did of the SSH protocol.  In addition to the CBC cipher
chaining issues, there is a counter that can overflow and leaves you
vulnerable to a replay attack after 2^32 messages.  Kohno has offered
to write an I-D describing how to fix the problem.
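As an added illustration, not part of the minutes or of Kohno's analysis, the following Python models the receiver side of the SSH MAC check with its implicit 32-bit packet sequence number. It shows why a packet recorded at the start of a session verifies again once the counter wraps under the same key, and how refusing further traffic until a rekey closes that window. The key, the packet payloads and the Receiver class are constructed for the example.

```python
import hmac
import hashlib

SEQ_MASK = 0xFFFFFFFF  # the SSH packet sequence number is an unsigned 32-bit counter


def packet_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """MAC over (sequence number || packet), as the SSH transport layer computes it.
    The sequence number is implicit: it is never sent, both peers count in lockstep."""
    return hmac.new(key, (seq & SEQ_MASK).to_bytes(4, "big") + packet, hashlib.sha1).digest()


class Receiver:
    """Receive-side MAC check (constructed model). With rekey_before_wrap=False this is
    the behaviour the minutes describe: the counter silently wraps after 2^32 packets."""

    def __init__(self, key: bytes, rekey_before_wrap: bool):
        self.key = key
        self.seq = 0
        self.rekey_before_wrap = rekey_before_wrap
        self.needs_rekey = False

    def receive(self, packet: bytes, mac: bytes) -> str:
        if self.needs_rekey:
            return "rekey-required"  # every sequence number under this key is already used
        if not hmac.compare_digest(packet_mac(self.key, self.seq, packet), mac):
            return "bad-mac"
        self.seq = (self.seq + 1) & SEQ_MASK
        if self.rekey_before_wrap and self.seq == 0:
            self.needs_rekey = True  # counter wrapped: refuse further traffic until rekeyed
        return "accepted"


def replay_after_wrap(rekey_before_wrap: bool) -> list:
    """Deliver one packet as sequence number 0, advance the counter to its last value,
    deliver one more legitimate packet, then re-deliver the recorded first packet."""
    key = b"constructed-session-integrity-key"
    rx = Receiver(key, rekey_before_wrap)
    recorded = b"constructed SSH_MSG_CHANNEL_DATA payload"
    recorded_mac = packet_mac(key, 0, recorded)
    results = [rx.receive(recorded, recorded_mac)]
    # Stand in for the 2^32 - 2 intervening packets under the same key: jump the
    # receiver's counter to its final value instead of looping over four billion messages.
    rx.seq = SEQ_MASK
    results.append(rx.receive(b"last packet", packet_mac(key, SEQ_MASK, b"last packet")))
    # The counter is now 0 again, so the MAC captured at the start recomputes identically
    # and the old packet is indistinguishable from a fresh one unless the key has changed.
    results.append(rx.receive(recorded, recorded_mac))
    return results
```

With `rekey_before_wrap=False` the third delivery is accepted; with it set, the receiver demands a rekey before any sequence number is reused.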

He also proposed four different CBC attack fixes:

- Stateful counter mode (no more cost, no padding needed)
- Explicit IV (more bandwidth (+2 blocks per packet), more crypto)
- Counter-mode IV (more crypto)
- IV is encryption of last block (more crypto)

Kohno will likely pick one of these four options as the recommended
new mode.

----

The meeting concluded with a reminder to the WG of a few extensions
for which interest has appeared on the list but no draft has surfaced.
We are getting very close to "done" with the current set of drafts,
and thus going inactive until we're ready for draft standard status.

Here's the list:

- X.509/PKIX support		(Steve Hanna seems to have volunteered)
(RL "Bob" Morgan (U Washington) pointed out that there's a reference
to an x509v3-sign-{rsa,dsa} key/cert format in the transport draft
without any definition of what exactly it is).
- Round-trip count reduction
- Deprecate implementation-name-based workarounds.
- Port forwarding of arbitrary port
- UDP forwarding
- Line mode
- Console server options
- Performance analysis

I fully expect that we won't do all, or even most, of these, but there
have been strong advocates for many of these.

Thanks to Ken Hornstein for his continued service as notes-taker.


