IETF-SSH archive
SSH v3?
Very much agreed.
Here's my wish:
SSHv3 is based on UDP, not TCP.
I actually have a whole spec for that ready-made, which includes things like negotiating encryption + authentication as one thing...
Heck, if you guys want to work on that, here's the spec:
https://www.bitvise.com/files/EfficientSecureTransport.pdf
The initial defined algorithms are kinda arbitrary and trivial to substitute. I was going to put in Ed25519 and AES GCM, but I didn't have access to that at the time, so I put in something I had access to.
I actually have a platform-independent C++ implementation, too.... Complete, just never tested.
Do you guys want to work on this?
----- Original Message -----
From: Damien Miller
Sent: Sunday, November 29, 2015 05:48
To: Simon Tatham
Cc: Niels Möller ; Simon Josefsson ; ietf-ssh%netbsd.org@localhost
Subject: Re: Binary packet protocol rethink (was: Re: ChaCha20-Poly1305 for SSH)
While we're dropping wishlist items for SSH v.3, here's one of mine:
Key exchange negotiates an AEAD rather than a cipher and a MAC
separately, and does so from a greatly trimmed set of options. E.g.
AES-GCM, chacha20+poly1305 and an AES-CTR+HMAC mode.
IMO the AEAD primitive is the right metaphor for the security properties
of the SSH transport protocol. Removing the large cartesian product of
ciphers x MACs will make testing faster and binaries smaller too.
-d