IETF-SSH archive


Re: Terrapin



>> [...] a "strict KEX" feature.  [...]
> Ugh, another incompletely-specified [*] homebrew add-on kludged onto
> SSH without any public consultation, to fix the problems caused by
> the first incompletely-specified homebrew add-on kludged onto SSH
> without any public consultation.  What happened to publishing RFCs
> and getting public review and feedback in case there are problems?

(a) As I understand it, OpenSSH's "strict kex" is, currently, using an
@openssh.com name.  Such experiments are what @fqdn extension names are
_for_.

(b) What happened is probably "the IETF".  The IETF has been getting
more and more political and corporate with time.  Time was when RFCs
could be floated by pretty much anyone as, well, requests for comments.
Then when they got politicized to the point of uselessness for their
original purpose, someone introduced internet-drafts.  Now _those_ have
got politicized to the point of having severe gates (and time delays)
in front of publication.  Stopping Terrapin _now_ should, IMO, take
priority.  (This is why, for example, even back in 2002, I didn't
bother trying to publish my "extend SLIP" document as even an I-D, much
less an RFC.)

OpenSSH's dominant "market" position has both good and bad aspects,
certainly, but this is one case where it's good: it means that OpenSSH
can, with an @fqdn extension, unilaterally protect a substantial
fraction of the SSH connections on the current Internet without
breaking interop with implementations not implementing it.

>> [...]
> Are there any implementations that would break if you did this
> anyway?

Probably.  I've even run into an implementation that, as near as I can
tell, breaks if you throw anything using the @fqdn syntax at it.

But I draw a distinction between breaking interop with spec-conforming
implementations and breaking interop with nonconformant
implementations.  The former is usually bad, excusable mostly when
faced with a need to work around a severe attack (Terrapin doesn't
quite count; as bad as it is, there are relatively easy interoperable
workarounds.)  The latter is a good thing; I prefer to render broken
code _obviously_ broken.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
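An added example, not from this post or from OpenSSH's code, showing why the @fqdn approach interoperates: the strict-kex markers (the real OpenSSH names kex-strict-c-v00@openssh.com and kex-strict-s-v00@openssh.com) travel as pseudo-algorithms in the KEXINIT kex_algorithms name-list, a conforming peer validates them under the RFC 4251 naming rules and never selects them, while a peer that rejects anything with an @ is the nonconformant case described above. The sample name-lists are constructed.

```python
import re

# Real OpenSSH marker names for the "strict kex" extension: pseudo-algorithms
# carried in the kex_algorithms name-list, never actually negotiated.
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
_MARKERS = {STRICT_KEX_CLIENT, STRICT_KEX_SERVER}

# Domain part of an extension name: hostname-style labels plus an alphabetic
# TLD (a simplification of RFC 1035 hostname syntax, assumed here).
_FQDN = re.compile(r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def valid_name(name: str) -> bool:
    """RFC 4251 s4.6.1: printable US-ASCII, 1..64 chars, no ',' or whitespace;
    one '@' is allowed, as local-name@fqdn, and must not be rejected."""
    if not 1 <= len(name) <= 64 or not name.isascii() or not name.isprintable():
        return False
    if "," in name or " " in name:
        return False
    if "@" not in name:
        return True
    local, _, domain = name.partition("@")
    return bool(local) and "@" not in domain and _FQDN.match(domain) is not None


def parse_name_list(field: str) -> list[str]:
    """Split a KEXINIT name-list; reject malformed names instead of guessing."""
    names = field.split(",") if field else []
    bad = [n for n in names if not valid_name(n)]
    if bad:
        raise ValueError(f"malformed algorithm name(s): {bad}")
    return names


def negotiate_kex(client_field: str, server_field: str):
    """RFC 4253 s7.1: first client-preferred kex algorithm the server also lists.
    Markers are skipped, so a peer that does not know them is unaffected; strict
    kex is in effect only when each side advertised its own marker."""
    client, server = parse_name_list(client_field), parse_name_list(server_field)
    strict = STRICT_KEX_CLIENT in client and STRICT_KEX_SERVER in server
    chosen = next((a for a in client if a in server and a not in _MARKERS), None)
    return chosen, strict


# Constructed sample KEXINIT fields (not captured traffic).
CLIENT = "curve25519-sha256,diffie-hellman-group14-sha256," + STRICT_KEX_CLIENT
OLD_SERVER = "diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256"
NEW_SERVER = "curve25519-sha256," + STRICT_KEX_SERVER

if __name__ == "__main__":
    print(negotiate_kex(CLIENT, OLD_SERVER))  # ('diffie-hellman-group14-sha256', False)
    print(negotiate_kex(CLIENT, NEW_SERVER))  # ('curve25519-sha256', True)
```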