Re: KEX problems

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: KEX problems
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Mon, 21 Jul 2003 17:20:56 -0400

On Monday, July 21, 2003 09:12:07 -0700 Nicolas Williams<Nicolas.Williams%sun.com@localhost> wrote:

I'm glad that we pretty much agree on what the problems are. You seem tohave omitted the rekey-without-host-key problem, which I called problem(1), probably because it's only peripherally relevant to this discussion.I would like to hear more comments from people as to whether problem (1) isworth solving and whether the solution I described (rolling the semanticsof Joel Weber's 'none' hostkey algorithm into the 'null' already describedin the gsskeyex document) is the correct solution. I believe the answersto both questions are "yes", but confirmation would be nice.

I think I need to disagree with you slightly on priorities for the otherproblems...

IMO, problem (B) is the problem most worth solving, but it requires
extending the key exchange phase of the protocol, one way or another.

IIRC this is what I called problem (2), the keyex retry problem. I'm notsure whether it occurs often enough to be worth solving; I'd love to hearcomments from people other than you, me, and Joel on this point. I doagree that solving it requires extending the keyex protocol, probably alongone of the three general paths I described in my message, none of which areterribly appealing to me. I believe the bar to be passed before solvingthis problem should be rather high.

IMO, problem (C) is the simplest to solve and does not require modifying
the key exchange part of the protocol.

Well, no disagreement here. Of the three problems you listed, this isclearly the simplest to solve, and I think we have already achievedconcensus both that this is worth solving, and that the general approachwe've discussed is correct. Hopefully we'll have an I-D in short order,and people can comment on whether the specifics are right. I would likesome opinion from the WG members and the chair as to whether this should bea working group item or not.

IMO, problem (A) is the problem least worth solving, but if we solve (B)
then we should consider solving (A) as well.

This is the multi-level algorithm negotiation problem, which I calledproblem (3). I can only partially agree here... If we solve (B), weshould certainly consider solving (A), since it's clearly possible to do soif we're extending the key exchange anyway. However, I think it may alsobe possible to solve (A) without modifying the key exchange mechanism, byusing an alias-based approach. If such a solution is sufficiently simpleand actually meets the need, then I think the bar should be significantlylower than for a solution which requires modifying or extending the keyexchange.

IMO, problems (A) and (B) can be solve backwards compatibly through
extensions to the KEXINIT message (see its 'reserved' field).  For this
we'd need draft-ietf-secsh-transport to have some text describing the
meta-semantics KEXINIT extensions and their negotiation so that problems
(A) and (B) can be solved in a separate I-D.  I will submit a last call
comment on this point.


Agree.

-- Jeff

Follow-Ups:
- Re: KEX problems
  - From: Nicolas Williams

References:
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Jeffrey Hutzelman
- Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
  - From: Bill Sommerfeld
- KEX problems
  - From: Nicolas Williams

Prev by Date: Re: Secure Shell WG: Issue Tracking "Last Call"
Next by Date: Transport I-D: KEXINIT reserved field needs description
Previous by Thread: Re: KEX problems
Next by Thread: Re: KEX problems
Indexes:

Home | Main Index | Thread Index | Old Index