IETF-SSH archive


Fwd: [Ssh] SSH side meeting at IETF 120




Hi all,

See below - I was asked to forward this message from one of
the IETF security area directors to this list in case people
aren't aware of the initiative to re-open an SSH working
group in the IETF.

Cheers,
S.

-------- Forwarded Message --------
Subject: [Ssh] SSH side meeting at IETF 120
Date: Tue, 30 Jul 2024 15:34:31 -0400
From: Deb Cooley <debcooley1%gmail.com@localhost>
To: SSH%ietf.org@localhost
CC: Paul Wouters <paul.wouters%aiven.io@localhost>, Theo de Raadt <deraadt%openbsd.org@localhost>, Roman Danyliw <rdd%cert.org@localhost>

I want to thank everyone that attended Tuesday evening's side meeting in person or remotely. I also want to thank those that worked to bring people together for that meeting. I also want to thank Francois Michel who chaired the session and David Schinazi who jumped in to moderate. I'm sure I've left out people, for which I will apologize.

It was a healthy, positive discussion about potentially forming an SSH working group and how it would add value to everyone without unnecessarily increasing the burden on implementers. It was great seeing many people with different goals and concerns agree to work together.

The charter will have clauses about the existence of implementations, recognizing that maintaining interoperability is crucial.

We discussed a number of work items which include the following (*reflects work that may/may not follow on later):

1. Updating algorithms (deprecating very old MTI algorithms and updating IANA).
2. Cleanup and publish selected drafts (agent draft, SFTP)
3. Adding new PQ algorithms (hybrid in the near term).
4. Reacting to relevant formal analysis results, e.g. from ufmrg or elsewhere (initial key exchange, user authentication protocol, machine verification of strict kex).
*5. Certificates - to understand the landscape - SSH style, X.509, public trust
*6. New ideas and experiments - later on, drafts can be written, implement for testing.

Going forward: It is possible to get a working group chartered without a BOF. But we need to get the charter drafted soonest, so we can get it through the process (there are multiple review windows that take some time).

Charter: This is step 1. Just remember that charters are not forever, we need an initial working charter that will get the work started, not one that will stand for the ages. What is posted is a first draft, please feel free to post PRs and/or issues that you see. First draft charter language is posted here: https://github.com/DavidSchinazi/ssh-charter/blob/main/charter.md

If there are issues attending meetings (either in person or remote), please contact the Security ADs (me and/or Paul Wouters).

I look forward to helping to facilitate this work!

Deb