IETF-SSH archive


Re: suggestion for new ssh maintenance wg



Stephen Farrell <stephen.farrell%cs.tcd.ie@localhost> writes:

> If you think such an ssh maintenance wg is a bad plan,
> please also do say that and why you think that.

There's definitely some work that needs to be done. I'm not very
familiar with ietf processes, so I'm not sure a new working group would
make it easier to make progress. I guess what's needed is either an
active wg chair, or an active area director, or someone informally
accepting (and being accepted) in a similar role.

> PPS: Note that this could be a short-lived wg that never
> needs to meet face-to-face, or maybe it'd not be like that,
> but don't get fussed about having to go to IETF meetings
> to get this work done - if it's maintenance then that may
> well not be needed.

Don't worry about IETF meetings. I felt I was deeply involved during the
work on the ssh rfc:s. And I've never been to a secsh wg meeting, only
on the mailing list. (I've actually been to one ietf meeting in my life,
but the secsh wg didn't meet that time).

>> Extension negotiation for SSH: 
>> https://datatracker.ietf.org/doc/draft-ssh-ext-info

An extension mechanism makes sense to me, but I find most of the
proposed extensions questionable and/or hard to get right.

>> In addition to the above, I very much agree that aes-gcm@openssh.com
>> needs standardization.

I think the single issue that might motivate forming a new wg is how to
properly negotiate the use of aead crypt in ssh. There should be no
difference between aes-gcm (which I'm not very fond of) and
chacha-poly1305.
 
>> Among other things, the erstwhile SSH working group never finalized
>> the SFTP spec due to lack of consensus. We now have two SFTP specs,
>> version 3 implemented by OpenSSH, and version 6 implemented by most
>> everyone else.

I honestly doubt we'll see much progress there, wg or not. It was a bit
too much of second system syndrome. But if some others have the energy
to revive it, I can't object, of course.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.


