IETF-SSH archive
Re: Fixing exchange of host keys in the SSH key exchange
Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

>As far as I can see, this affects the user only in that "pick up the host key
>on first connect" no longer works.

It breaks TOFU. Since this is how the vast majority of all users use SSH
(ref: https://www.usenix.org/system/files/login/articles/105484-Gutmann.pdf),
it means it would break SSH for them. Conversely, it means the vast majority
won't use it.

>Then this suggestion has the additional feature that it will smoke out such
>bugs!

Trying to smoke out non-standards-compliant implementations at this point,
about twenty-odd years after SSH2 started getting deployed, is probably a bit late
in the game.

Also, does this mean any implementation that doesn't correctly implement a MUST
or MUST NOT can be regarded as broken and discarded?

Peter.