IETF-SSH archive


Re: gssapi host key algorithm usage



Joel,

I've thought more about it and I see but one easy way to get the ability
to specify preferences such as:

  - 1st, pubkey keyex with pgp-sign-{dss,rsa} keys
  - 2nd, gss keyex with some mechanism
  - 3rd, pubkey keyex with ssh-{dss,rsa} keys

without breaking existing deployed systems.

That would be to add aliases of the "pubkey" keyex methods
("diffie-hellman-group1-sha1" and "diffie-hellman-group-exchange-sha1")
which are understood to be usable only with a subset of the host key
algorithms normally usable with those kex methods.

Thus the preferences in the above scenario could be expressed as follows:

 - kex methods:

   diffie-hellman-group1-sha1-pgp,gss-group1-sha1-XYZ,diffie-hellman-group1-sha1

 - host key algorithms:

   pgp-sign-rsa,pgp-sign-dss,ssh-dss,ssh-rsa

[The nice thing about these kex method aliases is that their use would
 not break existing implementations.]


Treating the GSS-API mechanisms as host key algorithms wouldn't solve
the problem because of the way that the key exchange method is to be
picked as per draft-ietf-secsh-transport-15.  That is, something like
this in the client's KEXINIT:

 - kex methods:

   diffie-hellman-group1-sha1,gss-group1-sha1

 - host key algorithms:

   pgp-sign-rsa,pgp-sign-dss,gss-api-XYZ,ssh-dss,ssh-rsa

would lead to the selection of diffie-hellman-group1-sha1 whenever the
server offers it and any of the pgp-sign-*,ssh-* host key algorithms.

The kex method selection algorithm could be specified in such a way that
draft-ietf-secsh-gsskeyex could have treated GSS-API mechanisms as host
key algorithms and so that the second example above would have worked.
But it wasn't.


What's clear to me is that this issue was not caused by the introduction
of draft-ietf-secsh-gsskeyex - it was there all along and all that had
to happen for it to annoy someone was for some kex method to be
introduced with a host key algorithm set disjoint with respect to the
original kex method's.  In fact, even without GSS-API in the picture
there are preferences that you can't specify (though no one would want
to specify such preferences), such as:

  - 1st, diffie-hellman-group-exchange-sha1 keyex with pgp-sign-{dss,rsa} keys
  - 3rd, diffie-hellman-group1-sha1 keyex with ssh-{dss,rsa} keys
  - 2nd, diffie-hellman-group-exchange-sha1 keyex with ssh-{dss,rsa} keys


No amount of tinkering with draft-ietf-secsh-gsskeyex will fix the
underlying problem because the underlying problem is in
draft-ietf-secsh-transport.

Cheers,

Nico
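
The selection behaviour discussed in the message above, as an added example (not part of the original e-mail and not taken from any SSH implementation): a simplified Python model of the client-order kex selection rule, run against the message's two KEXINIT proposals. The USABLE pairing table and the server offers are assumptions constructed for illustration; first-guess handling and encryption-capable host keys are left out.

```python
# Assumption: which host key algorithms each kex method may be paired with.
# None means the kex needs no host key (modelled here for the GSS kex).
PGP = {"pgp-sign-rsa", "pgp-sign-dss"}
SSH = {"ssh-dss", "ssh-rsa"}
USABLE = {
    "diffie-hellman-group1-sha1": PGP | SSH,
    "diffie-hellman-group1-sha1-pgp": PGP,   # alias proposed in the message
    "gss-group1-sha1-XYZ": None,
    "gss-group1-sha1": {"gss-api-XYZ"},      # "mechanism as host key" variant
}

def negotiate(c_kex, c_hk, s_kex, s_hk):
    """Return (kex, host_key_alg), or None if nothing is mutually usable."""
    for kex in c_kex:                 # the client's kex order decides
        if kex not in s_kex:
            continue
        usable = USABLE[kex]
        if usable is None:            # no host key required
            return kex, None
        for hk in c_hk:               # first client host key alg that fits
            if hk in s_hk and hk in usable:
                return kex, hk
    return None

# Client name-lists from the message: alias proposal (C1), GSS-as-host-key (C2).
C1_KEX = ["diffie-hellman-group1-sha1-pgp", "gss-group1-sha1-XYZ",
          "diffie-hellman-group1-sha1"]
C1_HK = ["pgp-sign-rsa", "pgp-sign-dss", "ssh-dss", "ssh-rsa"]
C2_KEX = ["diffie-hellman-group1-sha1", "gss-group1-sha1"]
C2_HK = ["pgp-sign-rsa", "pgp-sign-dss", "gss-api-XYZ", "ssh-dss", "ssh-rsa"]

if __name__ == "__main__":
    # Constructed server offers.
    # C2: gss-api-XYZ is ranked above ssh-* by the client, yet plain DH wins.
    print(negotiate(C2_KEX, C2_HK, ["gss-group1-sha1",
          "diffie-hellman-group1-sha1"], ["gss-api-XYZ", "ssh-rsa"]))
    # C1: server has no PGP key, so the alias is skipped and GSS is chosen.
    print(negotiate(C1_KEX, C1_HK, C1_KEX, ["ssh-rsa"]))
    # C1: server with a PGP key gets the alias.
    print(negotiate(C1_KEX, C1_HK, C1_KEX, ["pgp-sign-dss", "ssh-rsa"]))
    # C1: existing server that knows no alias and no GSS still interoperates.
    print(negotiate(C1_KEX, C1_HK, ["diffie-hellman-group1-sha1"], ["ssh-dss"]))
```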


