Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)

To: "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>
Subject: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
From: Joseph Galbraith <galb-list%vandyke.com@localhost>
Date: Thu, 17 Jul 2003 14:48:18 -0600

The gsskeyex draft effectively defines a way to generate an independent
key exchange algorithm for any GSS mechanism.  Such algorithms use a
number of common components, but they are not one key exchange algorithm
with multiple "host key algorithms"; they are different key exchange
algorithms and should be treated as such.  Note that this approach was
adopted in large part to specifically avoid the sort of multi-level
negotiation problem that you appear to be trying to fix in item 1.


Yes, but it's the wrong way to avoid that problem, precisely because
if I want to use pgp-sign-rsa if that's available, and then use
Kerberos, and then use ssh-rsa, there is no way to specify that.

Now, I'm not claiming we can arrange it at this late data, but it seems like
maybe the correct way to address your concern would be to seperate key
exchange and server authentication.

Putting aside how to do this without a significant rewrite of the coredrafts,

doing this might have several advantages.

1. I believe the problem you have would be resolved.  Rather than
'publickey' algorithms in our key exchange, you would instead
have 'server-authentication' methods.  Gssapi would not be a
key exchange method, it would be a server-authentication method.

2. Gssapi would have been a simpler draft because it would have had
to define diffie-hellman key exchange as well, and we would be
wondering whether we should do gssapi-group-exchange as well.

Now, on the half-serious, we could, but I'm not sure we want to, side ofthings, wecould introduce a new service, called authentication, instead ofuserauth, and make

it responsible for handling both host and user authentication.

We could do this in conjuction with the new KEX2 message you are proposing.

On the brighter side, it wouldn't hold up the core drafts, we couldaddress other userauth

problems that have come up, and we would be world famous :-)

On the darker side, it is a lot of work, will take time, and we might beworld infamous for

even suggesting it :-)

At any rate, I was hoping perhaps some clarity would be brought by therealization thatit is the tying of host authentication and key exchange that is the rootof the problem.


Joseph

Follow-Ups:
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Nicolas Williams

References:
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Jeffrey Hutzelman
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Joel N. Weber II

Prev by Date: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
Next by Date: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
Previous by Thread: Re: KEX problems
Next by Thread: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
Indexes:

Home | Main Index | Thread Index | Old Index