IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: gssapi host key algorithm usage
Joel,
I've thought more about it and I see but one easy way to get the ability
to specify preferences such as:
- 1st, pubkey keyex with pgp-sign-{dss,rsa} keys
- 2nd, gss keyex with some mechanism
- 3rd, pubkey keyex with ssh-{dss,rsa} keys
without breaking existing deployed systems.
That would be to add aliases of the "pubkey" keyex methods
("diffie-hellman-group1-sha1" and "diffie-hellman-group-exchange-sha1")
which are understood to be usable only with a subset of the host key
algorithms normally usable with those kex methods.
Thus the preferences in the above scenario could be expressed as follows:
- kex methods:
diffie-hellman-group1-sha1-pgp,gss-group1-sha1-XYZ,diffie-hellman-group1-sha1
- host key algorithms:
pgp-sign-rsa,pgp-sign-dss,ssh-dss,ssh-rsa
[The nice thing about these kex method aliases is that their use would
not break existing implementations.]
Treating the GSS-API mechanisms as host key algorithms wouldn't solve
the problem because of the way that the key exchange method is to be
picked as per draft-ietf-secsh-transport-15. That is, something like
this in the client's KEXINIT:
- kex methods:
diffie-hellman-group1-sha1,gss-group1-sha1
- host key algorithms:
pgp-sign-rsa,pgp-sign-dss,gss-api-XYZ,ssh-dss,ssh-rsa
would lead to the selection of diffie-hellman-group1-sha1 whenever the
server offers it and any of the pgp-sign-*,ssh-* host key algorithms.
The kex method selection algorithm could be specified in such a way that
draft-ietf-secsh-gsskeyex could have treated GSS-API mechanisms as host
key algorithms and so that the second example above would have worked.
But it wasn't.
What's clear to me is that this issue was not caused by the introduction
of draft-ietf-secsh-gsskeyex - it was there all along and all that had
to happen for it to annoy someone was for some kex method to be
introduced with a host key algorithm set disjoint with respect to the
original kex method's. In fact, even without GSS-API in the picture
there are preferences that you can't specify (though no one would want
to specify such preferences), such as:
- 1st, diffie-hellman-group-exchange-sha1 keyex with pgp-sign-{dss,rsa} keys
- 3rd, diffie-hellman-group1-sha1 keyex with ssh-{dss,rsa} keys
- 2nd, diffie-hellman-group-exchange-sha1 keyex with ssh-{dss,rsa} keys
No amount of tinkering with draft-ietf-secsh-gsskeyex will fix the
underlying problem because the underlying problem is in
draft-ietf-secsh-transport.
Cheers,
Nico
Home |
Main Index |
Thread Index |
Old Index