From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Fri May 7 10:09:45 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA23486 for ; Fri, 7 May 2004 10:09:45 -0400 (EDT) Received: (qmail 13967 invoked by uid 605); 7 May 2004 14:09:41 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 13940 invoked from network); 7 May 2004 14:09:39 -0000 Received: from unknown (HELO 204.152.184.164) (61.172.140.190) by mail.netbsd.org with SMTP; 7 May 2004 14:09:39 -0000 Received: from magistrate [48.230.216.120] by 1webhighway.com with ESMTP (SMTPD32-8.03) id dowitcher; Fri, 07 May 2004 13:13:06 -0500 Message-ID: From: "Woodrow Bolden" To: Subject: Take a breather Date: Fri, 07 May 2004 11:10:06 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-Mailer: multipliable season beater X-Declude-Sender: pacskjiepijp@mail2Kristin.com [16.69.88.200] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit Thank you for your mor tg age application, which we received yesterday= From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Tue May 11 18:13:00 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA01386 for ; Tue, 11 May 2004 18:13:00 -0400 (EDT) Received: (qmail 16857 invoked by uid 605); 11 May 2004 22:12:56 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 16850 invoked from network); 11 May 2004 22:12:56 -0000 Received: from nwkea-mail-2.sun.com (192.18.42.14) by mail.netbsd.org with SMTP; 11 May 2004 22:12:56 -0000 Received: from heliopolis.sfbay.sun.com ([152.70.1.39]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id i4BMCtLr009930 for ; Tue, 11 May 2004 15:12:55 -0700 (PDT) Received: from [192.168.0.14] (vpn-129-150-116-48.UK.Sun.COM [129.150.116.48]) by heliopolis.sfbay.sun.com (8.11.6+Sun/8.11.6/ENSMAIL,v2.1p1) with ESMTP id i4BMCsx27283 for ; Tue, 11 May 2004 15:12:55 -0700 (PDT) Message-ID: <40A14FE6.8000208@sun.com> Date: Tue, 11 May 2004 23:12:54 +0100 From: Douglas Stebila Organization: Sun Microsystems Laboratories User-Agent: Mozilla Thunderbird 0.6 (Macintosh/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: ietf-ssh@NetBSD.org Subject: Elliptic-Curve Diffie-Hellman Key Exchange draft Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit I recently posted a draft to add support for the use of elliptic curve cryptography in the form of Elliptic Curve Diffie-Hellman (ECDH) key agreement to the exchange portion of the SSH Transport Layer protocol. I would appreciate any feedback on the draft, which can be found at: http://www.ietf.org/internet-drafts/draft-stebila-secsh-ecdh-01.txt -- Douglas Stebila Sun Microsystems Laboratories Email: douglas.stebila@sun.com From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Wed May 12 02:40:37 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id CAA10278 for ; Wed, 12 May 2004 02:40:37 -0400 (EDT) Received: (qmail 6844 invoked by uid 605); 12 May 2004 06:40:34 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 6754 invoked from network); 12 May 2004 06:40:32 -0000 Received: from mail.lysator.liu.se (130.236.254.3) by mail.netbsd.org with SMTP; 12 May 2004 06:40:32 -0000 Received: by mail.lysator.liu.se (Postfix, from userid 1646) id 8DDEE1324E1; Wed, 12 May 2004 08:40:11 +0200 (MEST) Received: from sellafield.lysator.liu.se (sellafield.lysator.liu.se [130.236.254.103]) by mail.lysator.liu.se (Postfix) with ESMTP id 0DA24132923; Wed, 12 May 2004 08:40:08 +0200 (MEST) Received: from sellafield.lysator.liu.se (localhost [127.0.0.1]) by sellafield.lysator.liu.se (8.12.10/8.8.7) with ESMTP id i4C6e7GU013654; Wed, 12 May 2004 08:40:07 +0200 (MEST) Received: (from nisse@localhost) by sellafield.lysator.liu.se (8.12.10/8.12.8/Submit) id i4C6e6ka013651; Wed, 12 May 2004 08:40:06 +0200 (MEST) X-Authentication-Warning: sellafield.lysator.liu.se: nisse set sender to nisse@lysator.liu.se using -f To: Douglas Stebila Cc: ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft References: <40A14FE6.8000208@sun.com> Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 8bit From: nisse@lysator.liu.se (=?iso-8859-1?q?Niels_M=F6ller?=) Date: 12 May 2004 08:40:06 +0200 In-Reply-To: <40A14FE6.8000208@sun.com> Message-ID: Lines: 15 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 X-Spam-Checker-Version: SpamAssassin 2.63-lysator_fetto_1.2 (2004-01-11) on fetto.lysator.liu.se X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.63-lysator_fetto_1.2 Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit Douglas Stebila writes: > I recently posted a draft to add support for the use of elliptic curve > cryptography in the form of Elliptic Curve Diffie-Hellman (ECDH) key > agreement to the exchange portion of the SSH Transport Layer protocol. What's the current patent status on that area? Is it possible to implement any cryptography on elliptic curves without getting a patent license from the patent holders (certicom? Others?). If not, I don't think there's much point in standardizing it, and I'm not going to spend any time reading drafts about it. You could of course still do it as a elliptic-curve-keyexchange@sun.com thing. /Niels From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Wed May 12 02:55:51 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id CAA11250 for ; Wed, 12 May 2004 02:55:50 -0400 (EDT) Received: (qmail 19351 invoked by uid 605); 12 May 2004 06:55:49 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 19334 invoked from network); 12 May 2004 06:55:48 -0000 Received: from sparkle.rodents.montreal.qc.ca (216.46.5.7) by mail.netbsd.org with SMTP; 12 May 2004 06:55:48 -0000 Received: (from mouse@localhost) by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id CAA13718; Wed, 12 May 2004 02:55:46 -0400 (EDT) From: der Mouse Message-Id: <200405120655.CAA13718@Sparkle.Rodents.Montreal.QC.CA> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. Date: Wed, 12 May 2004 02:50:02 -0400 (EDT) To: ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft In-Reply-To: References: <40A14FE6.8000208@sun.com> Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit >> [...] Elliptic Curve Diffie-Hellman (ECDH) key agreement [...] > What's the current patent status on that area? Is it possible to > implement any cryptography on elliptic curves without getting a > patent license from the patent holders (certicom? Others?). I haven't looked into it, but I'd guess there's a decent chance that the patent in question is a USA patent only, in which case certainly most of the world can benefit and I think standardizing it would be a Good Thing. (Aren't there jurisdictions that forbid algorithm patents in practice as well as theory?) Even if patents are held in many jurisdictions, the patent holder may be willing to grant an irrevocable sublicensable license for use with ssh; such things have happened before, and in the presence of such a thing I see no reason not to standardize such a key-exchange method. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 13 04:05:10 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA26783 for ; Thu, 13 May 2004 04:05:09 -0400 (EDT) Received: (qmail 5414 invoked by uid 605); 13 May 2004 08:05:04 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 5396 invoked from network); 13 May 2004 08:05:01 -0000 Received: from nwkea-mail-2.sun.com (192.18.42.14) by mail.netbsd.org with SMTP; 13 May 2004 08:05:01 -0000 Received: from heliopolis.sfbay.sun.com ([152.70.20.39]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id i4D84pLr007080; Thu, 13 May 2004 01:04:51 -0700 (PDT) Received: from [192.168.0.14] (vpn-129-150-116-119.UK.Sun.COM [129.150.116.119]) by heliopolis.sfbay.sun.com (8.11.6+Sun/8.11.6/ENSMAIL,v2.1p1) with ESMTP id i4D84ox11187; Thu, 13 May 2004 01:04:50 -0700 (PDT) Message-ID: <40A32C22.50006@sun.com> Date: Thu, 13 May 2004 09:04:50 +0100 From: Douglas Stebila Organization: Sun Microsystems Laboratories User-Agent: Mozilla Thunderbird 0.6 (Macintosh/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: =?ISO-8859-1?Q?Niels_M=F6ller?= CC: ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft References: <40A14FE6.8000208@sun.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit Niels Möller wrote: >>I recently posted a draft to add support for the use of elliptic curve >>cryptography in the form of Elliptic Curve Diffie-Hellman (ECDH) key >>agreement to the exchange portion of the SSH Transport Layer protocol. > > What's the current patent status on that area? Is it possible to > implement any cryptography on elliptic curves without getting a patent > license from the patent holders (certicom? Others?). Yes, it is possible and it can be easily done. ECC as an algorithm was introduced in 1985 by Neal Koblitz and Victor Miller with no patents over the algorithm. Certicom does not hold an umbrella patent right over the algorithm. It only holds patents on some peripheral implementation or optimization techniques. RSA has a FAQ about patents related to elliptic curve cryptography at http://www.rsasecurity.com/rsalabs/faq/6-3-4.html. Highlights include: "Elliptic curve cryptosystems, as introduced in 1985 by Neal Koblitz and Victor Miller, have no general patents, though some newer elliptic curve algorithms and certain efficient implementation techniques may be covered by patents. ..." and "... In all of these cases, it is the implementation technique that is patented, not the prime or representation, and there are alternative, compatible implementation techniques that are not covered by the patents." Elliptic curve crypto can be implemented using basic school book techniques which have no patent infringement concern. Simple standard techniques such as "window table lookup", "projective coordinate space", and "non-adjacent form wNAF" can be used for performance optimization with no patent concern. These techniques are school book techniques commonly used for RSA optimization and other multi-precision integer arithmetic computation. Sun has contributed an ECC implementation to the OpenSSL project, and has filed some patent applications related to elliptic curve cryptography, but has explicitly indicated in the ECC code it contributed to the OpenSSL project that "Sun does not intend to assert its patent rights associated with the code that was delivered to the OpenSSL project." (See http://research.sun.com/projects/crypto/FrequenlyAskedQuestions.html for more information.) It should be noted that elliptic curve cryptography implementations can now be found in a number of open source projects (OpenSSL, Mozilla's Netscape Security Services, Victor Shoup's NTL, Wei Dai's Crypto++) and there are any number of standards on ECC. In fact, at present an ECC in TLS draft is going through IETF's TLS working group and to my knowledge there are no concerns on patent issues. I hope this helps dispel some of your concerns about the patent issues concerning ECC. Regards, Douglas Stebila From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 13 04:54:15 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA28798 for ; Thu, 13 May 2004 04:54:14 -0400 (EDT) Received: (qmail 3200 invoked by uid 605); 13 May 2004 08:54:14 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 3187 invoked from network); 13 May 2004 08:54:13 -0000 Received: from sparkle.rodents.montreal.qc.ca (216.46.5.7) by mail.netbsd.org with SMTP; 13 May 2004 08:54:13 -0000 Received: (from mouse@localhost) by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id EAA29532; Thu, 13 May 2004 04:54:11 -0400 (EDT) From: der Mouse Message-Id: <200405130854.EAA29532@Sparkle.Rodents.Montreal.QC.CA> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. Date: Thu, 13 May 2004 04:47:33 -0400 (EDT) To: ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft In-Reply-To: <40A32C22.50006@sun.com> References: <40A14FE6.8000208@sun.com> <40A32C22.50006@sun.com> Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit > Sun has contributed an ECC implementation to the OpenSSL project, and > has filed some patent applications related to elliptic curve > cryptography, but has explicitly indicated in the ECC code it > contributed to the OpenSSL project that "Sun does not intend to > assert its patent rights associated with the code that was delivered > to the OpenSSL project." This is notable more for what it does not say than for what it does say. In particular, it does not say that Sun will not use its patents, if any, against similar code written by others (which locks everyone into Sun's code's license) or against modified versions of Sun's code. In fact, it does not say that Sun will not use its patents against users of its own contributions in the future, only that it currently does not intend to do so: it is not a commitment to anything. If Sun really does want to DTRT with their patent, let them give a royalty-free, sublicenseable license in perpetuity to, oh, say, Eric Raymond, maybe, or Alan Cox, or someone else suitably trusted by the open-source world. Heck, let it give out half a dozen such licenses. That is, let them _commit_ themselves. Unless and until they do something legally binding, I believe that statements of intent and so forth are all very pretty-sounding, but cannot be trusted: normal behaviour for corporations is what would be considered psychopathic for an individual, and in particular, corporations' promises cannot be trusted unless they are legally binding - and not always even then, but that's about as strong as we'll get. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 13 05:01:40 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA29091 for ; Thu, 13 May 2004 05:01:39 -0400 (EDT) Received: (qmail 8254 invoked by uid 605); 13 May 2004 09:01:29 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 8117 invoked from network); 13 May 2004 09:01:25 -0000 Received: from mail.lysator.liu.se (130.236.254.3) by mail.netbsd.org with SMTP; 13 May 2004 09:01:25 -0000 Received: by mail.lysator.liu.se (Postfix, from userid 1646) id 4D8EB51EB0; Thu, 13 May 2004 10:57:57 +0200 (MEST) Received: from sellafield.lysator.liu.se (sellafield.lysator.liu.se [130.236.254.103]) by mail.lysator.liu.se (Postfix) with ESMTP id C121B45A78; Thu, 13 May 2004 10:57:52 +0200 (MEST) Received: from sellafield.lysator.liu.se (localhost [127.0.0.1]) by sellafield.lysator.liu.se (8.12.10/8.8.7) with ESMTP id i4D8vqGU016452; Thu, 13 May 2004 10:57:52 +0200 (MEST) Received: (from nisse@localhost) by sellafield.lysator.liu.se (8.12.10/8.12.8/Submit) id i4D8voud016449; Thu, 13 May 2004 10:57:50 +0200 (MEST) X-Authentication-Warning: sellafield.lysator.liu.se: nisse set sender to nisse@lysator.liu.se using -f To: Douglas Stebila Cc: ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft References: <40A14FE6.8000208@sun.com> <40A32C22.50006@sun.com> From: nisse@lysator.liu.se (=?iso-8859-1?q?Niels_M=F6ller?=) Date: 13 May 2004 10:57:49 +0200 In-Reply-To: <40A32C22.50006@sun.com> Message-ID: Lines: 91 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Checker-Version: SpamAssassin 2.63-lysator_fetto_1.2 (2004-01-11) on fetto.lysator.liu.se X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.63-lysator_fetto_1.2 Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit Douglas Stebila writes: > Niels Möller wrote: > > > What's the current patent status on that area? Is it possible to > > implement any cryptography on elliptic curves without getting a patent > > license from the patent holders (certicom? Others?). > > Yes, it is possible and it can be easily done. [...] > "... In all of these cases, it is the implementation technique that is > patented, not the prime or representation, and there are alternative, > compatible implementation techniques that are not covered by the > patents." Ok, that's good news. > Sun has contributed an ECC implementation to the OpenSSL project, > and has filed some patent applications related to elliptic curve > cryptography, but has explicitly indicated in the ECC code it > contributed to the OpenSSL project that "Sun does not intend to assert > its patent rights associated with the code that was delivered to the > OpenSSL project." I'm always uneasy about such promises. Ok, Sun may have the best intentions now. But even if Sun's intentions don't change over time, the patents could be sold off to other companies with different plans. For example, in RFC 1170, Public Key Partners, owners of RSA and Diffie-Hellman patents at the time, promised that "licenses to practice RSA signatures will be available under reasonable terms and conditions on a non- discriminatory basis". A few years later, the company I worked for tried to actually buy RSA licenses from the patent owner, the RSA company. They were unwilling to even negotiate the price for such a license, they could sell us their software toolkit BSAFE, but patent licenses were out of the question. What patents do Sun have in this area? Searching for "Sun" and "Elliptic" I find US patent 6721771, : Method for efficient modular polynomial division in finite fields f(2 m) : : Abstract : : The present invention provides a method for performing an inversion : and multiply in a single operation as a polynomial divide operation. : As a result, the invention reduces the number of mathematical : operations needed to perform point doubling and point addition : operations. An elliptic curve cryptosystem using the present invention : can be made to operate more efficiently using the present invention. : An elliptic curve crypto-accelerator can be implemented using the : present invention to dramatically enhance the performance of the : elliptic curve cryptosystem. The invention uses five registers A, B, : U, V, and M, to accomplish a polynomial divide operation. Four : registers A, B, U, and V are initialized with values so that the : registers maintain a number of invariant relationships. The registers : store initial values a(t)=x(t), u(t)=y(t), b(t)=prime(t), and v(t)=0. : Here the polynomials in registers A, U, B, and V are denoted as a(t), : u(t), b(t), and v(t), respectively. Register M stores the irreducible : polynomial prime(t). By applying a series of invariant operations to : the registers, the register values are systematically reduced until : registers A and B have a value of one. At that point, register U : stores a value which represents y(t)/x(t) mod prime(t), solving the : polynomial division. and four published applications, : 20030212729 Modular multiplier : : 20030208518 Generic implementations of ellipitic [sic] curve : cryptography using partial reduction : : 20030206629 Hardware accelerator for elliptic curve cryptography : : 20030206628 Generic modular multiplier using partial reduction Are these the relevant patents, or am I missing something? (There are 3811 patents assigned to "Sun Microsystems" in the uspto database, and 795 published patent applications, so I really can't make an exhaustive search). > I hope this helps dispel some of your concerns about the patent issues > concerning ECC. Thanks for the information. I think I'd have to talk to a lawyer before implementing any elliptic curve cryptography. Regards, /Niels From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 13 05:41:52 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA00640 for ; Thu, 13 May 2004 05:41:51 -0400 (EDT) Received: (qmail 3785 invoked by uid 605); 13 May 2004 09:41:50 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 3769 invoked from network); 13 May 2004 09:41:49 -0000 Received: from mta01-svc.ntlworld.com (62.253.162.41) by mail.netbsd.org with SMTP; 13 May 2004 09:41:49 -0000 Received: from [192.168.0.14] ([81.106.210.52]) by mta01-svc.ntlworld.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id <20040513094121.XUPN2731.mta01-svc.ntlworld.com@[192.168.0.14]>; Thu, 13 May 2004 10:41:21 +0100 In-Reply-To: References: <40A14FE6.8000208@sun.com> <40A32C22.50006@sun.com> Mime-Version: 1.0 (Apple Message framework v613) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit Cc: ietf-ssh@NetBSD.org From: Douglas Stebila Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft Date: Thu, 13 May 2004 10:41:46 +0100 To: nisse@lysator.liu.se (=?ISO-8859-1?Q?Niels_M=F6ller?=) X-Mailer: Apple Mail (2.613) Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit >> Sun has contributed an ECC implementation to the OpenSSL project, and >> has filed some patent applications related to elliptic curve >> cryptography, but has explicitly indicated in the ECC code it >> contributed to the OpenSSL project that "Sun does not intend to >> assert its patent rights associated with the code that was delivered >> to the OpenSSL project." > > I'm always uneasy about such promises. Ok, Sun may have the best > intentions now. But even if Sun's intentions don't change over time, > the patents could be sold off to other companies with different plans. In my previous email I should have included the actual legal covenant Sun made in contributing its code to the OpenSSL project: * The Elliptic Curve Public-Key Crypto Library (ECC Code) included * herein is developed by SUN MICROSYSTEMS, INC., and is contributed * to the OpenSSL project. * * The ECC Code is licensed pursuant to the OpenSSL open source * license provided below. * * In addition, Sun covenants to all licensees who provide a reciprocal * covenant with respect to their own patents if any, not to sue under * current and future patent claims necessarily infringed by the making, * using, practicing, selling, offering for sale and/or otherwise * disposing of the ECC Code as delivered hereunder (or portions thereof), * provided that such covenant shall not apply: * 1) for code that a licensee deletes from the ECC Code; * 2) separates from the ECC Code; or * 3) for infringements caused by: * i) the modification of the ECC Code or * ii) the combination of the ECC Code with other software or * devices where such combination causes the infringement. This license only appears in one file in OpenSSL, crypto/bn/bn_gf2m.c, which is the only file Sun contributed that contains technology covered under Sun patents (patent 6721771 as listed below). Moreover, this code is #ifdef'ed out by default and replaced by a text-book implementation. So it is certainly possible to have no Sun-patented technology in an ECC implementation (and default configurations of OpenSSL would have that status). Other open-source ECC implementations, like that in NSS, have no Sun-patented technology in them. > What patents do Sun have in this area? Searching for "Sun" and > "Elliptic" I find US patent 6721771, > : Method for efficient modular polynomial division in finite fields > f(2 m) [...] > and four published applications, > : 20030212729 Modular multiplier > : 20030208518 Generic implementations of ellipitic [sic] curve > : cryptography using partial reduction > : 20030206629 Hardware accelerator for elliptic curve cryptography > : 20030206628 Generic modular multiplier using partial reduction > > Are these the relevant patents, or am I missing something? (There are > 3811 patents assigned to "Sun Microsystems" in the uspto database, and > 795 published patent applications, so I really can't make an > exhaustive search). To my knowledge, those are the relevant patents and applications, although there may be others filed in the future. Note that Sun's covenant as listed above covers all "current and future patent claims" concerning the contributed code. Douglas From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 13 09:49:42 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA12835 for ; Thu, 13 May 2004 09:49:42 -0400 (EDT) Received: (qmail 18429 invoked by uid 605); 13 May 2004 13:49:41 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 18417 invoked from network); 13 May 2004 13:49:40 -0000 Received: from nwkea-mail-1.sun.com (192.18.42.13) by mail.netbsd.org with SMTP; 13 May 2004 13:49:40 -0000 Received: from eastmail2bur.East.Sun.COM ([129.148.13.40]) by nwkea-mail-1.sun.com (8.12.10/8.12.9) with ESMTP id i4DDnb6b021624; Thu, 13 May 2004 06:49:37 -0700 (PDT) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail2bur.East.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with ESMTP id i4DDnaii029728; Thu, 13 May 2004 09:49:36 -0400 (EDT) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.11+Sun/8.12.11) with ESMTP id i4DDnZ9k017049; Thu, 13 May 2004 09:49:35 -0400 (EDT) Message-Id: <200405131349.i4DDnZ9k017049@thunk.east.sun.com> From: Bill Sommerfeld To: Douglas Stebila cc: nisse@lysator.liu.se (=?ISO-8859-1?Q?Niels_M=F6ller?=), ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft In-Reply-To: Your message of "Thu, 13 May 2004 10:41:46 BST." Reply-to: sommerfeld@east.sun.com Date: Thu, 13 May 2004 09:49:35 -0400 Sender: ietf-ssh-owner@NetBSD.org Precedence: list [wearing my WG chair hat.] Doug: There is an old story about how penguins decide it's safe to go swimming. A large crowd of them mill about near the edge of the ice, jostling each other until finally one of them falls in. The remaining ones then see if the first bird gets eaten by a shark -- if not, the rest jump in.. With ECC, we're in the milling-about stage. Sharks have been sighted, though not very recently. But the penguins are still nervous and really would prefer that someone else go first.... This WG has limited time and energy. For this to be adopted as a WG item I'll need to hear from a community of implementors interested in adopting it. When possible, this WG (like much of the IETF as a whole) has traditionally preferred functionaly equivalent unencumbered technology even when it has lower performance (see DSS vs RSA). The message I'm getting from WG members who have spoken up thus far is that the uncertainties regarding the ECC IPR situation make it uninteresting to them. As others have suggested, the name@domain syntax for negotiable parameters within ssh allows ample room for interoperable experimentation. If folks are interested in pursuing the use of ECC within the ssh protocol, I suggest that they get together off-list with Doug and figure out what they want to do, and report back to me and/or the WG. - Bill From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 13 18:19:42 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA21200 for ; Thu, 13 May 2004 18:19:41 -0400 (EDT) Received: (qmail 9141 invoked by uid 605); 13 May 2004 22:19:37 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 9134 invoked from network); 13 May 2004 22:19:36 -0000 Received: from sf.firstpr.com.au (69.59.149.144) by mail.netbsd.org with SMTP; 13 May 2004 22:19:36 -0000 Received: from shitei.mindrot.org (shitei.mindrot.org [203.217.30.81]) by sf.firstpr.com.au (Postfix) with ESMTP id C8A6A12AD87; Thu, 13 May 2004 15:19:28 -0700 (PDT) Received: from mindrot.org (unknown [172.29.84.16]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by shitei.mindrot.org (Postfix) with ESMTP id E0CDA27C188; Fri, 14 May 2004 08:18:55 +1000 (EST) Message-ID: <40A3F3F0.1040302@mindrot.org> Date: Fri, 14 May 2004 08:17:20 +1000 From: Damien Miller User-Agent: Mozilla Thunderbird 0.5 (X11/20040312) X-Accept-Language: en-us, en MIME-Version: 1.0 To: sommerfeld@east.sun.com, ietf-ssh@NetBSD.org Cc: openssh@openssh.com Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft References: <200405131349.i4DDnZ9k017049@thunk.east.sun.com> In-Reply-To: <200405131349.i4DDnZ9k017049@thunk.east.sun.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit Bill Sommerfeld wrote: > [wearing my WG chair hat.] > Doug: > > There is an old story about how penguins decide it's safe to go > swimming. A large crowd of them mill about near the edge of the ice, > jostling each other until finally one of them falls in. The remaining > ones then see if the first bird gets eaten by a shark -- if not, the > rest jump in.. > > With ECC, we're in the milling-about stage. Sharks have been sighted, > though not very recently. But the penguins are still nervous and > really would prefer that someone else go first.... > > This WG has limited time and energy. For this to be adopted as a WG > item I'll need to hear from a community of implementors interested in > adopting it. > > When possible, this WG (like much of the IETF as a whole) has > traditionally preferred functionaly equivalent unencumbered technology > even when it has lower performance (see DSS vs RSA). > > The message I'm getting from WG members who have spoken up thus far is > that the uncertainties regarding the ECC IPR situation make it > uninteresting to them. OpenSSH has no desire to implement anything tainted by patents and we strongly oppose any efforts to standardise encumbered methods in IETF-published standards. That goes for "free to use with strings attached" patent licenses too, such as the code that Sun contributed to OpenSSL. -d From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 13 18:56:48 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA22664 for ; Thu, 13 May 2004 18:56:48 -0400 (EDT) Received: (qmail 7127 invoked by uid 605); 13 May 2004 22:56:46 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 7116 invoked from network); 13 May 2004 22:56:43 -0000 Received: from mail.vandyke.com (HELO vandyke.com) (204.134.9.1) by mail.netbsd.org with SMTP; 13 May 2004 22:56:43 -0000 Received: from [127.0.0.1] (HELO [127.0.0.3]) by vandyke.com (CommuniGate Pro SMTP 3.4.7) with ESMTP id 5528893; Thu, 13 May 2004 16:56:42 -0600 Message-ID: <40A3FD2A.9020803@vandyke.com> Date: Thu, 13 May 2004 16:56:42 -0600 From: Joseph Galbraith User-Agent: Mozilla Thunderbird 0.6+ (Windows/20040503) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Douglas Stebila CC: =?ISO-8859-1?Q?Niels_M=F6ller?= , ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft References: <40A14FE6.8000208@sun.com> <40A32C22.50006@sun.com> In-Reply-To: <40A32C22.50006@sun.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit Douglas Stebila wrote: > Niels Möller wrote: > >>> I recently posted a draft to add support for the use of elliptic curve >>> cryptography in the form of Elliptic Curve Diffie-Hellman (ECDH) key >>> agreement to the exchange portion of the SSH Transport Layer protocol. >> >> >> What's the current patent status on that area? Is it possible to >> implement any cryptography on elliptic curves without getting a patent >> license from the patent holders (certicom? Others?). > > Yes, it is possible and it can be easily done. > > ECC as an algorithm was introduced in 1985 by Neal Koblitz and Victor > Miller with no patents over the algorithm. Certicom does not hold an > umbrella patent right over the algorithm. It only holds patents on some > peripheral implementation or optimization techniques. > > RSA has a FAQ about patents related to elliptic curve cryptography at > http://www.rsasecurity.com/rsalabs/faq/6-3-4.html. Highlights include: > > "Elliptic curve cryptosystems, as introduced in 1985 by Neal Koblitz > and Victor Miller, have no general patents, though some newer elliptic > curve algorithms and certain efficient implementation techniques may > be covered by patents. ..." > and > "... In all of these cases, it is the implementation technique that is > patented, not the prime or representation, and there are alternative, > compatible implementation techniques that are not covered by the > patents." > > Elliptic curve crypto can be implemented using basic school book > techniques which have no patent infringement concern. Simple standard > techniques such as "window table lookup", "projective coordinate space", > and "non-adjacent form wNAF" can be used for performance optimization > with no patent concern. These techniques are school book techniques > commonly used for RSA optimization and other multi-precision integer > arithmetic computation. Perhaps I'm missing something here? Doesn't the above state that ECC is _not_ patent encumbered? In other words, doesn't the above state that is possible to create an ECC implementation that does not infringe on any patents? Or is it that people are concerned that the information provided from RSA's faq may not be accurate? I'm interested in seeing this work go forward. Thanks, - Joseph From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Fri May 14 12:41:43 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA03279 for ; Fri, 14 May 2004 12:41:42 -0400 (EDT) Received: (qmail 3946 invoked by uid 605); 14 May 2004 16:41:42 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 3930 invoked from network); 14 May 2004 16:41:40 -0000 Received: from cvs.openbsd.org (199.185.137.3) by mail.netbsd.org with SMTP; 14 May 2004 16:41:40 -0000 Received: from cvs.openbsd.org (localhost [IPv6:::1]) by cvs.openbsd.org (8.12.11/8.12.1) with ESMTP id i4EGfIFs030917 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO); Fri, 14 May 2004 10:41:18 -0600 (MDT) Received: (from deraadt@localhost) by cvs.openbsd.org (8.12.11/8.12.0/Submit) id i4EGfHWd020302; Fri, 14 May 2004 10:41:17 -0600 (MDT) Date: Fri, 14 May 2004 10:41:17 -0600 (MDT) From: Theo de Raadt Message-Id: <200405141641.i4EGfHWd020302@cvs.openbsd.org> To: djm@mindrot.org, ietf-ssh@NetBSD.org, sommerfeld@east.sun.com Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft Cc: openssh@openssh.com Sender: ietf-ssh-owner@NetBSD.org Precedence: list In other words, the primary SSH development team is telling you Go ahead! Standardize anything that is patented that you feel you need to -- seeing as IETF is just a corporate slave nowadays -- and we will entirely ignore it. If it is not free, we will actively work against it. If some vendor decides to ship with a patented version, we might even find some way to punish them. So go ahead -- knock yourself out... >Bill Sommerfeld wrote: >> [wearing my WG chair hat.] >> Doug: >> >> There is an old story about how penguins decide it's safe to go >> swimming. A large crowd of them mill about near the edge of the ice, >> jostling each other until finally one of them falls in. The remaining >> ones then see if the first bird gets eaten by a shark -- if not, the >> rest jump in.. >> >> With ECC, we're in the milling-about stage. Sharks have been sighted, >> though not very recently. But the penguins are still nervous and >> really would prefer that someone else go first.... >> >> This WG has limited time and energy. For this to be adopted as a WG >> item I'll need to hear from a community of implementors interested in >> adopting it. >> >> When possible, this WG (like much of the IETF as a whole) has >> traditionally preferred functionaly equivalent unencumbered technology >> even when it has lower performance (see DSS vs RSA). >> >> The message I'm getting from WG members who have spoken up thus far is >> that the uncertainties regarding the ECC IPR situation make it >> uninteresting to them. > >OpenSSH has no desire to implement anything tainted by patents and we >strongly oppose any efforts to standardise encumbered methods in >IETF-published standards. > >That goes for "free to use with strings attached" patent licenses too, >such as the code that Sun contributed to OpenSSL. > >-d > From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Fri May 14 22:48:24 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id WAA14040 for ; Fri, 14 May 2004 22:48:23 -0400 (EDT) Received: (qmail 19534 invoked by uid 605); 15 May 2004 02:48:24 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 19527 invoked from network); 15 May 2004 02:48:23 -0000 Received: from brmea-mail-4.sun.com (192.18.98.36) by mail.netbsd.org with SMTP; 15 May 2004 02:48:23 -0000 Received: from eastmail1bur.East.Sun.COM ([129.148.9.49]) by brmea-mail-4.sun.com (8.12.10/8.12.9) with ESMTP id i4F2kvhO022585 for ; Fri, 14 May 2004 20:46:58 -0600 (MDT) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1bur.East.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with ESMTP id i4F2mMcc024008 for ; Fri, 14 May 2004 22:48:22 -0400 (EDT) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.11+Sun/8.12.11) with ESMTP id i4F2mMT2016957 for ; Fri, 14 May 2004 22:48:22 -0400 (EDT) Message-Id: <200405150248.i4F2mMT2016957@thunk.east.sun.com> From: Bill Sommerfeld To: ietf-ssh@NetBSD.org Subject: Discussion of IPR policy. Reply-to: sommerfeld@east.sun.com Date: Fri, 14 May 2004 22:48:22 -0400 Sender: ietf-ssh-owner@NetBSD.org Precedence: list I was reminded that challenges to the IETF-wide IPR policy are out of scope / off topic for an individual IETF working group. Whether the open source community liked the result or not, the IPR wg spent a lot of time discussing this issue before reaching a strong consensus against changing the patent policy. (See RFC 3669 for background). Fortunately, the IETF has given considerable latitutude to individual WG's to decide whether or not to incorporate technology with IPR entanglements into the standards they produce; this WG has, in general, tried to avoid patent entanglements, and I don't see that changing any time soon. - Bill From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Tue May 18 17:16:51 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA19440 for ; Tue, 18 May 2004 17:16:50 -0400 (EDT) Received: (qmail 4541 invoked by uid 605); 18 May 2004 21:16:49 -0000 Delivered-To: ietf-ssh@netbsd.org Message-ID: <20040518211649.4540.qmail@mail.netbsd.org> Received: (qmail 4532 invoked from network); 18 May 2004 21:16:47 -0000 Received: from unknown (HELO public.qz.fj.cn) (218.66.204.241) by mail.netbsd.org with SMTP; 18 May 2004 21:16:47 -0000 From: "rachel" Subject: Re:leading apparel & bag manufacturer in China To: ietf-ssh@NetBSD.org Content-Type: text/plain;charset="US-ASCII" Content-Transfer-Encoding: 8bit Reply-To: rachel@public.qz.fj.cn Date: Wed, 19 May 2004 05:16:42 +0800 X-Priority: 2 X-Mailer: Foxmail 4.2 [cn] Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit Dear Manager, I have the pleasure to know your esteemed Corp. We are the leading and professional manufacturer of apparel & bag in Quanzhou, China. The following is some introductions about our company. Set up: 1988 Employees: 1600 persons Output: 5.1 million pcs/year Our products include: babywear,men and lady's underwear,children wear,T-shirts,knitwear,sportwear,baby bag, mammy(diaper) bag,backpack,travel bag,sport bag,duffel bag,saddlebag,trolley,suitcase,camera bag,shopping bag, school bag, computer case, luggage, workbag, promotional bag, etc. We have advanced equipments and technologies which were learned and imported from German and other advanced countries. We still have experienced management system, seasoned workmanship, complete service and strong economic capacity. Our goods have met a great favor in Europe, America, Japan and other counties because of their slap-up quality, beautiful design and gratifying price. With the philosophy "quality, service, integrity, and environmental consciousness", We would like to welcome customers all over the world to establish business relations with us. Welcome to visit our company or contact with us for more information. Yours sincerely Rachel Mob:0086-13960286700 ---------------------------------------------------------- SENWER GARMENTS CO., LTD. ADD.: Wancheng Ge 516, Citong Road, Quanzhou, China. Tel: 0086-595-2216499 Fax: 0086-595-2214455 P.C.:362000 ---------------------------------------------------------- From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Wed May 19 09:38:42 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA10779 for ; Wed, 19 May 2004 09:38:42 -0400 (EDT) Received: (qmail 9510 invoked by uid 605); 19 May 2004 13:38:41 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 9503 invoked from network); 19 May 2004 13:38:40 -0000 Received: from mail2.trustcenter.de (193.194.157.2) by mail.netbsd.org with SMTP; 19 May 2004 13:38:40 -0000 Received: from hermes.trustcenter.de (hermes.trustcenter.de [192.168.202.5]) by mail2.trustcenter.de (8.12.11/8.12.11) with ESMTP id i4JDcUMt003960; Wed, 19 May 2004 15:38:30 +0200 (CEST) Received: from trustcenter.de (ew-nla.trustcenter.de [192.168.200.46]) by hermes.trustcenter.de (8.12.10/8.12.10/Debian-5) with ESMTP id i4JDcOcM027825; Wed, 19 May 2004 15:38:24 +0200 Message-ID: <40AB6413.90108@trustcenter.de> Date: Wed, 19 May 2004 15:41:39 +0200 From: Nils Larsch User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Damien Miller CC: ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft References: <200405131349.i4DDnZ9k017049@thunk.east.sun.com> <40A3F3F0.1040302@mindrot.org> In-Reply-To: <40A3F3F0.1040302@mindrot.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.39 X-Scanned-By: MIMEDefang 2.42 Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit Hi Damien, Damien Miller wrote: ... > OpenSSH has no desire to implement anything tainted by patents and we Does this mean that you don't like/want ecc, because there are various patents in this area, although the basic cryptographic methods (in this case) could be implemented without using patented algs ? > strongly oppose any efforts to standardise encumbered methods in > IETF-published standards. > agree Cheers, Nils From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Wed May 19 17:53:08 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA21980 for ; Wed, 19 May 2004 17:53:07 -0400 (EDT) Received: (qmail 1316 invoked by uid 605); 19 May 2004 21:53:04 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 1282 invoked from network); 19 May 2004 21:53:03 -0000 Received: from sf.firstpr.com.au (69.59.149.144) by mail.netbsd.org with SMTP; 19 May 2004 21:53:03 -0000 Received: from shitei.mindrot.org (shitei.mindrot.org [203.217.30.81]) by sf.firstpr.com.au (Postfix) with ESMTP id 9658812AFE3; Wed, 19 May 2004 14:53:02 -0700 (PDT) Received: from mindrot.org (unknown [172.29.84.16]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by shitei.mindrot.org (Postfix) with ESMTP id A25D527C187; Thu, 20 May 2004 07:52:58 +1000 (EST) Message-ID: <40ABD731.9060706@mindrot.org> Date: Thu, 20 May 2004 07:52:49 +1000 From: Damien Miller User-Agent: Mozilla Thunderbird 0.5 (X11/20040312) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Nils Larsch Cc: ietf-ssh@NetBSD.org Subject: Re: Elliptic-Curve Diffie-Hellman Key Exchange draft References: <200405131349.i4DDnZ9k017049@thunk.east.sun.com> <40A3F3F0.1040302@mindrot.org> <40AB6413.90108@trustcenter.de> In-Reply-To: <40AB6413.90108@trustcenter.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit Nils Larsch wrote: > Hi Damien, > > Damien Miller wrote: > ... > >>OpenSSH has no desire to implement anything tainted by patents and we > > Does this mean that you don't like/want ecc, because there are various > patents in this area, although the basic cryptographic methods (in this > case) could be implemented without using patented algs ? It means that we will avoid any area fraught with patents - the risk that we will inadvertently stumble into a patented method is too great. Especially given the fact that we do not have the time, resources or desire to perform and tediously intepret patent searches before we implement anything. Right now, ECC is one of these areas. -d PS. Please direct followups off-list, this isn't on-topic. From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 20 16:02:13 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA17131 for ; Thu, 20 May 2004 16:02:12 -0400 (EDT) Received: (qmail 22832 invoked by uid 605); 20 May 2004 20:02:11 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 22717 invoked from network); 20 May 2004 20:02:09 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by mail.netbsd.org with SMTP; 20 May 2004 20:02:09 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA17128; Thu, 20 May 2004 16:02:06 -0400 (EDT) Message-Id: <200405202002.QAA17128@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org Cc: ietf-ssh@NetBSD.org From: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-secsh-userauth-19.txt Date: Thu, 20 May 2004 16:02:06 -0400 Sender: ietf-ssh-owner@NetBSD.org Precedence: list --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Shell Working Group of the IETF. Title : SSH Authentication Protocol Author(s) : T. Ylonen, C. Lonvick Filename : draft-ietf-secsh-userauth-19.txt Pages : 29 Date : 2004-5-20 SSH is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH authentication protocol framework and public key, password, and host-based client authentication methods. Additional authentication methods are described in separate documents. The SSH authentication protocol runs on top of the SSH transport layer protocol and provides a single authenticated tunnel for the SSH connection protocol. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-secsh-userauth-19.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-secsh-userauth-19.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-secsh-userauth-19.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-5-20152738.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-secsh-userauth-19.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-secsh-userauth-19.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-5-20152738.I-D@ietf.org> --OtherAccess-- --NextPart-- From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 20 16:34:14 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA19757 for ; Thu, 20 May 2004 16:34:14 -0400 (EDT) Received: (qmail 14133 invoked by uid 605); 20 May 2004 20:34:13 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 14126 invoked from network); 20 May 2004 20:34:12 -0000 Received: from brmea-mail-3.sun.com (192.18.98.34) by mail.netbsd.org with SMTP; 20 May 2004 20:34:12 -0000 Received: from eastmail1bur.East.Sun.COM ([129.148.9.49]) by brmea-mail-3.sun.com (8.12.10/8.12.9) with ESMTP id i4KKYBS6020006 for ; Thu, 20 May 2004 14:34:12 -0600 (MDT) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1bur.East.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with ESMTP id i4KKYBcc010036 for ; Thu, 20 May 2004 16:34:11 -0400 (EDT) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.11+Sun/8.12.11) with ESMTP id i4KKYBDF005426 for ; Thu, 20 May 2004 16:34:11 -0400 (EDT) Message-Id: <200405202034.i4KKYBDF005426@thunk.east.sun.com> From: Bill Sommerfeld To: ietf-ssh@NetBSD.org Subject: New core drafts editor: Chris Lonvick Reply-to: sommerfeld@east.sun.com Date: Thu, 20 May 2004 16:34:11 -0400 Sender: ietf-ssh-owner@NetBSD.org Precedence: list Darren Moffat has been serving as core drafts document editor for the past N years. Times change, and his day job responsibilities have moved away from ssh. As a result, his workload in recent months has not allowed him to put time into editing. I'd like to express the appreciation of the Working Group for his efforts in getting the core documents this far in the process, and to let the Working Group know that Darren is stepping down from the role of document editor. I'm pleased to announce that Chris Lonvick has agreed to take over as the document editor for the Secure Shell core drafts. Last year, Chris stepped up to coordinate the revision of the Security Considerations section of the core drafts, so he was an obvious candidate. Thanks are owed to Chris for stepping up, and to Darren for his long service in getting these documents as far as they've gotten. Please pass along your own thanks to Darren and expect to hear from Chris on moving the core documents forward. - Bill From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 20 16:59:46 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA22909 for ; Thu, 20 May 2004 16:59:46 -0400 (EDT) Received: (qmail 2337 invoked by uid 605); 20 May 2004 20:59:45 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 2328 invoked from network); 20 May 2004 20:59:45 -0000 Received: from emulex.emulex.com (138.239.112.1) by mail.netbsd.org with SMTP; 20 May 2004 20:59:45 -0000 Received: from xcm.ad.emulex.com (xcm.emulex.com [138.239.112.206]) by emulex.emulex.com (8.12.10/8.12.10) with ESMTP id i4KKx84G016477; Thu, 20 May 2004 13:59:08 -0700 (PDT) Received: by xcm.emulex.com with Internet Mail Service (5.5.2653.19) id ; Thu, 20 May 2004 13:59:08 -0700 Message-ID: <8D43EFD7CCBDB24980134BE078C227E70B092576@xcm.emulex.com> From: System Attendant To: "'i-d-announce@ietf.org'" , "'ietf-ssh@netbsd.org'" Subject: [MailServer Notification]To Recipient file blocking settings matc hed and action was taken. Date: Thu, 20 May 2004 13:59:00 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: ietf-ssh-owner@NetBSD.org Precedence: list ScanMail for Microsoft Exchange took action on the message. The message details were: Sender = Internet-Drafts@ietf.org Recipient(s) = i-d-announce@ietf.org;ietf-ssh@netbsd.org Subject = I-D ACTION:draft-ietf-secsh-userauth-19.txt Scanning time = 05/20/2004 13:59:00 Engine/Pattern = 7.000-1004/1.893.00 Action taken on message: The attachment draft-ietf-secsh-userauth-19.url matched file blocking settings. ScanMail took the action: Deleted. XCM Warning to recipient: Attachment blocking action taken. From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Fri May 21 05:33:55 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA18564 for ; Fri, 21 May 2004 05:33:55 -0400 (EDT) Received: (qmail 19090 invoked by uid 605); 21 May 2004 09:33:55 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 19074 invoked from network); 21 May 2004 09:33:54 -0000 Received: from sparkle.rodents.montreal.qc.ca (216.46.5.7) by mail.netbsd.org with SMTP; 21 May 2004 09:33:54 -0000 Received: (from mouse@localhost) by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id FAA13036; Fri, 21 May 2004 05:33:53 -0400 (EDT) From: der Mouse Message-Id: <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. Date: Fri, 21 May 2004 05:31:47 -0400 (EDT) To: Internet-Drafts@ietf.org, ietf-ssh@NetBSD.org Subject: Re: I-D ACTION:draft-ietf-secsh-userauth-19.txt In-Reply-To: <200405202002.QAA17128@ietf.org> References: <200405202002.QAA17128@ietf.org> Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit > Filename : draft-ietf-secsh-userauth-19.txt > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-secsh-userauth-19.txt Is it just me, or has this accidentally had a copy of draft-ietf-secsh-transport-18.txt appended to it? /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Fri May 21 09:44:19 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA01210 for ; Fri, 21 May 2004 09:44:18 -0400 (EDT) Received: (qmail 22555 invoked by uid 605); 21 May 2004 13:44:18 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 22548 invoked from network); 21 May 2004 13:44:16 -0000 Received: from sj-iport-1-in.cisco.com (HELO sj-iport-1.cisco.com) (171.71.176.70) by mail.netbsd.org with SMTP; 21 May 2004 13:44:16 -0000 Received: from edison.cisco.com (edison.cisco.com [171.71.180.109]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id i4LDiEDe014102 for ; Fri, 21 May 2004 06:44:15 -0700 (PDT) Received: from localhost (clonvick@localhost) by edison.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id GAA23946 for ; Fri, 21 May 2004 06:44:14 -0700 (PDT) Date: Fri, 21 May 2004 06:44:14 -0700 (PDT) From: Chris Lonvick To: ietf-ssh@NetBSD.org Subject: New IDs In-Reply-To: <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> Message-ID: References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: ietf-ssh-owner@NetBSD.org Precedence: list Hi Folks, First, I'd also like to thank Darren for getting these IDs to this state. I think that we're close to finishing them so please work with me to get these things finalized. The most current set of IDs (in the ID repository) are almost identical to the prior set submitted by Darren. In those IDs, Darren cleared up many of the IESG comments. When Darren turned things over to me, he gave me copies of the previous IDs as well. Just to make sure that we've addressed most of the IESG comments, I've used htmlwdiff to show the differences between older and current drafts. For example, in the ARCH ID, the comments were addressed between 14 and 15. I made minor changes to 15 and submitted it as 16. Therefore, the changes to address the IESG comments (made by Darren) will be shown in the differences between 14 and 16. In each of these "diffs" documents, I've also inserted "Issues" which are the IESG comments and what I believe to be pointers to the resolutions to them. For example, in ARCH, I've inserted (in blue) ISSUE 20: IESG - Architecture - Authors with the specific comment from the IESG. The markup (red strikeout, green insertion) should show the resolution. I would like the WG to review these and send me notes to indicate that the "Issue" I identified have indeed been resolved. If one of these "Issues" has not been resolved, I'll add it to the Issue Tracker and we'll work on it in later drafts. The prior, current and diff documents are here: http://www.employees.org/~lonvick/ssh/ The most recently created documents are: http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-architecture-16.txt http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-assignednumbers-06.txt http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-connect-19.txt http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-transport-18.txt http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-userauth-19.txt These are similar to what are in the ID repository with some slight differences (date, some authorship stuff, etc.) but the content is the same. The prior set of documents are here. These did not have any resolutions to IESG comments. http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-architecture-14.txt http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-assignednumbers-04.txt http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-connect-17.txt http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-transport-16.txt http://www.employees.org/~lonvick/ssh/draft-ietf-secsh-userauth-17.txt The "diffs" are here: http://www.employees.org/~lonvick/ssh/architecture-14-16.html http://www.employees.org/~lonvick/ssh/assignednumbers-04-06.html http://www.employees.org/~lonvick/ssh/connect-17-19.html http://www.employees.org/~lonvick/ssh/transport-16-18.html http://www.employees.org/~lonvick/ssh/userauth-17-19.html Please look them over and send a note back either saying - Chris, "ISSUE 20: IESG - Architecture - Authors" appears to be resolved. or - Chris, "ISSUE 19: IESG - Transport - ShouldMust" doesn't appear to be resolved. If I get comments that they're resolved then they won't be entered into the Issue Tracking system. One note, the pages and sections referenced by the IESG comments will be using the red (struck) page and section numbers, not the new, green ones. Thanks, Chris From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Sun May 23 01:58:49 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id BAA16922 for ; Sun, 23 May 2004 01:58:48 -0400 (EDT) Received: (qmail 28882 invoked by uid 605); 23 May 2004 05:58:46 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 28871 invoked from network); 23 May 2004 05:58:46 -0000 Received: from sf.firstpr.com.au (69.59.149.144) by mail.netbsd.org with SMTP; 23 May 2004 05:58:46 -0000 Received: from shitei.mindrot.org (shitei.mindrot.org [203.217.30.81]) by sf.firstpr.com.au (Postfix) with ESMTP id 1D47E12AD5A; Sat, 22 May 2004 22:58:45 -0700 (PDT) Received: from mindrot.org (unknown [172.29.84.16]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by shitei.mindrot.org (Postfix) with ESMTP id 48CD827C187; Sun, 23 May 2004 15:58:33 +1000 (EST) Message-ID: <40B03D72.5080508@mindrot.org> Date: Sun, 23 May 2004 15:58:10 +1000 From: Damien Miller User-Agent: Mozilla Thunderbird 0.5 (X11/20040312) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Chris Lonvick Cc: ietf-ssh@NetBSD.org Subject: Re: New IDs References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit Chris Lonvick wrote: > http://www.employees.org/~lonvick/ssh/transport-16-18.html Section 7.1 is seriously broken by these changes. The new text reads: > The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key > exchange with SHA-1 as HASH, and Oakley group 14 [RFC3526] (2048-bit > MODP Group). It is included below in hexadecimal and decimal. "diffie-hellman-group1-sha1" isn't rfc3526 group 14, it is rfc2904 group 2. This group represented by this name can't change without breaking compatibility with every SSH2 implementation that uses it. Worse, the changed wording doesn't even agree with the numeric group immediately below it, which remains rfc2904/group2. The right way to change would be to recommend the use of DH-GEX or adopt Peter Gutmann's "diffie-hellman-groupN-sha1" proposal to make a "diffie-hellman-group14-sha1" (though I'd prefer a shorter name, while we are making changes). To retain interoperability with the current installed base, support for the current group would have to stay a MUST regardless. -d From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Mon May 24 12:49:33 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA18780 for ; Mon, 24 May 2004 12:49:32 -0400 (EDT) Received: (qmail 14131 invoked by uid 605); 24 May 2004 16:49:33 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 14123 invoked from network); 24 May 2004 16:49:32 -0000 Received: from minbar.fac.cs.cmu.edu (128.2.185.161) by mail.netbsd.org with SMTP; 24 May 2004 16:49:32 -0000 Received: from minbar.fac.cs.cmu.edu ([127.0.0.1]) by minbar.fac.cs.cmu.edu id aa19907; 24 May 2004 12:49 EDT Date: Mon, 24 May 2004 12:49:09 -0400 From: Jeffrey Hutzelman To: Damien Miller , Chris Lonvick cc: ietf-ssh@NetBSD.org Subject: Re: New IDs Message-ID: <17320000.1085417349@minbar.fac.cs.cmu.edu> In-Reply-To: <40B03D72.5080508@mindrot.org> References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> <40B03D72.5080508@mindrot.org> X-Mailer: Mulberry/3.0.3 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit On Sunday, May 23, 2004 15:58:10 +1000 Damien Miller wrote: > Chris Lonvick wrote: >> http://www.employees.org/~lonvick/ssh/transport-16-18.html > > Section 7.1 is seriously broken by these changes. The new text reads: > >> The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key >> exchange with SHA-1 as HASH, and Oakley group 14 [RFC3526] (2048-bit >> MODP Group). It is included below in hexadecimal and decimal. > > "diffie-hellman-group1-sha1" isn't rfc3526 group 14, it is rfc2904 > group 2. RFC2904 is "AAA Authorization Framework"; it does not define any groups. It took me a while to figure out what the typo was; the correct reference is to RFC2409 section 6.2. > This group represented by this name can't change without > breaking compatibility with every SSH2 implementation that uses it. Agreed. > Worse, the changed wording doesn't even agree with the numeric group > immediately below it, which remains rfc2904/group2. Agreed. The wording should be fixed: - Oakley group 14 [RFC3526] (2048-bit MODP Group). + Oakley group 2 [RFC2409] (section 6.2). Additionally, IMHO the group should _not_ be copied in the document. Verify that the value in RFC2409 is correct, and incorporate it by reference. This precludes any possibility of confusion arising as a result of an incorrect value appearing in our document. > The right way to change would be to recommend the use of DH-GEX or > adopt Peter Gutmann's "diffie-hellman-groupN-sha1" proposal to make > a "diffie-hellman-group14-sha1" (though I'd prefer a shorter name, > while we are making changes). I was under the impression that we had already been over this issue, and that we were going to recommend implementation of DH-GEX, and that that satisfied the IESG's concern. > To retain interoperability with the current installed base, support > for the current group would have to stay a MUST regardless. I agree. I would not object to also making DH-GEX a MUST. -- Jeffrey T. Hutzelman (N3NHS) Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Mon May 24 17:05:14 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA00087 for ; Mon, 24 May 2004 17:05:14 -0400 (EDT) Received: (qmail 8432 invoked by uid 605); 24 May 2004 21:05:14 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 8425 invoked from network); 24 May 2004 21:05:13 -0000 Received: from ams-iport-1.cisco.com (144.254.224.140) by mail.netbsd.org with SMTP; 24 May 2004 21:05:13 -0000 Received: from ams-core-1.cisco.com (144.254.224.150) by ams-iport-1.cisco.com with ESMTP; 24 May 2004 23:11:13 +0200 X-BrightmailFiltered: true Received: from cisco.com (edinburgh.cisco.com [144.254.112.76]) by ams-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id i4OL591P016260 for ; Mon, 24 May 2004 23:05:10 +0200 (MEST) Received: (from dfawcus@localhost) by cisco.com (8.8.8/2.6/Cisco List Logging/8.8.8) id WAA06735 for ietf-ssh@NetBSD.org; Mon, 24 May 2004 22:05:09 +0100 (BST) Date: Mon, 24 May 2004 22:05:09 +0100 From: Derek Fawcus To: ietf-ssh@NetBSD.org Subject: Re: New IDs Message-ID: <20040524220508.B25490@edinburgh.cisco.com> References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> <40B03D72.5080508@mindrot.org> <17320000.1085417349@minbar.fac.cs.cmu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <17320000.1085417349@minbar.fac.cs.cmu.edu>; from jhutz@cmu.edu on Mon, May 24, 2004 at 12:49:09PM -0400 Sender: ietf-ssh-owner@NetBSD.org Precedence: list On Mon, May 24, 2004 at 12:49:09PM -0400, Jeffrey Hutzelman wrote: > > > To retain interoperability with the current installed base, support > > for the current group would have to stay a MUST regardless. > > I agree. I would not object to also making DH-GEX a MUST. Well I would - sort of. I've no problem with diffie-hellman-group-exchange-sha1 being a MUST (i.e. REQUIRED), but it seems silly to have both as MUST. I'd say if DH-GEX is made a MUST, then diffie-hellman-group1-sha1 should be reduced to a SHOULD (i.e. RECOMMENDED). DF From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Mon May 24 17:38:04 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA05335 for ; Mon, 24 May 2004 17:38:03 -0400 (EDT) Received: (qmail 27090 invoked by uid 605); 24 May 2004 21:38:04 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 27078 invoked from network); 24 May 2004 21:38:03 -0000 Received: from mail.lysator.liu.se (130.236.254.3) by mail.netbsd.org with SMTP; 24 May 2004 21:38:03 -0000 Received: by mail.lysator.liu.se (Postfix, from userid 1646) id 14C9E1B3A5; Mon, 24 May 2004 23:38:02 +0200 (MEST) Received: from sellafield.lysator.liu.se (sellafield.lysator.liu.se [130.236.254.103]) by mail.lysator.liu.se (Postfix) with ESMTP id 46AC31B3AD; Mon, 24 May 2004 23:37:58 +0200 (MEST) Received: from sellafield.lysator.liu.se (localhost [127.0.0.1]) by sellafield.lysator.liu.se (8.12.10/8.8.7) with ESMTP id i4OLbvGU019374; Mon, 24 May 2004 23:37:57 +0200 (MEST) Received: (from nisse@localhost) by sellafield.lysator.liu.se (8.12.10/8.12.8/Submit) id i4OLbt7v019361; Mon, 24 May 2004 23:37:56 +0200 (MEST) X-Authentication-Warning: sellafield.lysator.liu.se: nisse set sender to nisse@lysator.liu.se using -f To: Jeffrey Hutzelman Cc: Damien Miller , Chris Lonvick , ietf-ssh@NetBSD.org Subject: Re: New IDs References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> <40B03D72.5080508@mindrot.org> <17320000.1085417349@minbar.fac.cs.cmu.edu> Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 8bit From: nisse@lysator.liu.se (=?iso-8859-1?q?Niels_M=F6ller?=) Date: 24 May 2004 23:37:55 +0200 In-Reply-To: <17320000.1085417349@minbar.fac.cs.cmu.edu> Message-ID: Lines: 24 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 X-Spam-Checker-Version: SpamAssassin 2.63-lysator_fetto_1.2 (2004-01-11) on fetto.lysator.liu.se X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.63-lysator_fetto_1.2 Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit Jeffrey Hutzelman writes: > > The right way to change would be to recommend the use of DH-GEX or > > adopt Peter Gutmann's "diffie-hellman-groupN-sha1" proposal to make > > a "diffie-hellman-group14-sha1" (though I'd prefer a shorter name, > > while we are making changes). > > I was under the impression that we had already been over this issue, > and that we were going to recommend implementation of DH-GEX, and that > that satisfied the IESG's concern. I think it would make a lot of sense to add one or two larger fixed groups, besides DH-GEX. Main argument is that it's simpler (=> less opportunity for implementation bugs, which is important for any security protocol) than DH-GEX. The choice between a large fix group and DH-GEX depends on what you think is most dangerous: Expensive discrete log table attacks on a fix group, or additional protocol complexity. (This is the same position as I had last time this was discussed. I don't remember if there were ever was a consencus). Regards, /Niels From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Mon May 24 18:08:58 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA11566 for ; Mon, 24 May 2004 18:08:58 -0400 (EDT) Received: (qmail 14357 invoked by uid 605); 24 May 2004 22:08:58 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 14350 invoked from network); 24 May 2004 22:08:57 -0000 Received: from mail-in-01.arcor-online.net (151.189.21.41) by mail.netbsd.org with SMTP; 24 May 2004 22:08:57 -0000 Received: from localhost.arcor.net (dsl-082-082-051-045.arcor-ip.net [82.82.51.45]) by mail-in-01.arcor-online.net (Postfix) with ESMTP id 38738BFDE03; Tue, 25 May 2004 00:08:56 +0200 (CEST) Received: by localhost.arcor.net (Postfix, from userid 31451) id 35F02F196; Tue, 25 May 2004 00:07:17 +0200 (CEST) Date: Tue, 25 May 2004 00:07:16 +0200 From: Markus Friedl To: Derek Fawcus Cc: ietf-ssh@NetBSD.org Subject: Re: New IDs Message-ID: <20040524220716.GA11111@folly> References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> <40B03D72.5080508@mindrot.org> <17320000.1085417349@minbar.fac.cs.cmu.edu> <20040524220508.B25490@edinburgh.cisco.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040524220508.B25490@edinburgh.cisco.com> User-Agent: Mutt/1.4.2i Sender: ietf-ssh-owner@NetBSD.org Precedence: list On Mon, May 24, 2004 at 10:05:09PM +0100, Derek Fawcus wrote: > On Mon, May 24, 2004 at 12:49:09PM -0400, Jeffrey Hutzelman wrote: > > > > > To retain interoperability with the current installed base, support > > > for the current group would have to stay a MUST regardless. > > > > I agree. I would not object to also making DH-GEX a MUST. > > Well I would - sort of. > > I've no problem with diffie-hellman-group-exchange-sha1 being a MUST > (i.e. REQUIRED), but it seems silly to have both as MUST. > > I'd say if DH-GEX is made a MUST, then diffie-hellman-group1-sha1 should > be reduced to a SHOULD (i.e. RECOMMENDED). I'd say that changing things now makes not sense at all. It's been a while since last call, but it seems nobody cares. From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Tue May 25 02:37:25 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id CAA18102 for ; Tue, 25 May 2004 02:37:24 -0400 (EDT) Received: (qmail 9836 invoked by uid 605); 25 May 2004 06:37:23 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 9813 invoked from network); 25 May 2004 06:37:21 -0000 Received: from dsl-61-95-66-138.request.com.au (HELO mail.mel.netstarnetworks.com) (61.95.66.138) by mail.netbsd.org with SMTP; 25 May 2004 06:37:21 -0000 Received: from mindrot.org (112.195.20.10.dhcp.netstarnetworks.com [10.20.195.112] (may be forged)) by mail.mel.netstarnetworks.com (8.11.6/8.11.6) with ESMTP id i4P6bYJ32557; Tue, 25 May 2004 16:37:35 +1000 Message-ID: <40B375EB.7060304@mindrot.org> Date: Wed, 26 May 2004 02:35:55 +1000 From: Damien Miller User-Agent: Mozilla Thunderbird 0.5 (X11/20040312) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jeffrey Hutzelman CC: Chris Lonvick , ietf-ssh@NetBSD.org Subject: Re: New IDs References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> <40B03D72.5080508@mindrot.org> <17320000.1085417349@minbar.fac.cs.cmu.edu> In-Reply-To: <17320000.1085417349@minbar.fac.cs.cmu.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit Jeffrey Hutzelman wrote: > > On Sunday, May 23, 2004 15:58:10 +1000 Damien Miller > wrote: >>"diffie-hellman-group1-sha1" isn't rfc3526 group 14, it is rfc2904 >>group 2. > > > RFC2904 is "AAA Authorization Framework"; it does not define any groups. > It took me a while to figure out what the typo was; the correct reference > is to RFC2409 section 6.2. Sorry, my bad. Apologies. >>The right way to change would be to recommend the use of DH-GEX or >>adopt Peter Gutmann's "diffie-hellman-groupN-sha1" proposal to make >>a "diffie-hellman-group14-sha1" (though I'd prefer a shorter name, >>while we are making changes). > > I was under the impression that we had already been over this issue, and > that we were going to recommend implementation of DH-GEX, and that that > satisfied the IESG's concern. Yes, I thought that all of these outstanding issues (DH-GEX, X.509 key formats, etc.) were to be addressed by issuing separate drafts and that we had arrived at a rough consensus to not delay the current drafts any more. -d From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Tue May 25 14:46:26 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id OAA07704 for ; Tue, 25 May 2004 14:46:26 -0400 (EDT) Received: (qmail 23885 invoked by uid 605); 25 May 2004 18:46:24 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 23870 invoked from network); 25 May 2004 18:46:23 -0000 Received: from sj-iport-3-in.cisco.com (HELO sj-iport-3.cisco.com) (171.71.176.72) by mail.netbsd.org with SMTP; 25 May 2004 18:46:23 -0000 Received: from sj-core-5.cisco.com (171.71.177.238) by sj-iport-3.cisco.com with ESMTP; 25 May 2004 10:55:03 +0000 Received: from edison.cisco.com (edison.cisco.com [171.71.180.109]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id i4PIkLls017747 for ; Tue, 25 May 2004 11:46:22 -0700 (PDT) Received: from localhost (clonvick@localhost) by edison.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id LAA24852 for ; Tue, 25 May 2004 11:46:21 -0700 (PDT) Date: Tue, 25 May 2004 11:46:21 -0700 (PDT) From: Chris Lonvick To: ietf-ssh@NetBSD.org Subject: Newer IDs In-Reply-To: Message-ID: References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> <40B03D72.5080508@mindrot.org> <17320000.1085417349@minbar.fac.cs.cmu.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: ietf-ssh-owner@NetBSD.org Precedence: list Hi Folks, I've just sent updated IDs to the ID Editor. I evidently made a faux pas by submitting all of the IDs bundled in a single email rather than individually. She asked me to resubmit them individually to straighten out the problem of having transport appended to userauth. (My apologies to the ID Editor for that.) I had been editing them to get the references worked out (xml2rfc likes things _just_ so) and correcting some spelling and grammar so I just updated everything. There are no substantiative changes between this set and the last. I appreciate the ongoing discussions and I'll incorporate the group consensus into the next set of revisions. Unfortunately the server I had been using to display the diffs between versions is unexpectedly going away. I'm looking around for a new home now so please bear with me and I'll start posting diffs again. (Anyone care to volunteer some space? :-) Thanks, Chris From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Tue May 25 18:46:04 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA02655 for ; Tue, 25 May 2004 18:46:04 -0400 (EDT) Received: (qmail 21583 invoked by uid 605); 25 May 2004 22:46:02 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 21567 invoked from network); 25 May 2004 22:45:58 -0000 Received: from pcp01850944pcs.lncstr01.pa.comcast.net (68.83.117.213) by mail.netbsd.org with SMTP; 25 May 2004 22:45:58 -0000 Received: from ezagenda.com (ezagenda-com.mr.outblaze.com [205.158.62.181]) by pcp01850944pcs.lncstr01.pa.comcast.net (Postfix) with ESMTP id E86D0F215B for ; Tue, 25 May 2004 22:48:25 +0400 Message-ID: <111101c44288$9c462ac0$883e64cf@ezagenda.com> From: "Anyhow T. Tub" To: Ietf Subject: Have a nice day! ...//who now look upon the doctrine of the power of Christ's Date: Tue, 25 May 2004 22:48:25 +0400 MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.5; AVE: 6.17.0.2; VDF: 6.17.0.5; host: pcp01850944pcs.lncstr01.pa.comcast.net) Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit Keep your money! http://keepyourmoney.da.ru/?rtHt2k1a --- this may not make us desert our blessed master's cause, every From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Tue May 25 23:07:45 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id XAA17822 for ; Tue, 25 May 2004 23:07:45 -0400 (EDT) Received: (qmail 16698 invoked by uid 605); 26 May 2004 03:07:44 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 16690 invoked from network); 26 May 2004 03:07:44 -0000 Received: from sj-iport-5.cisco.com (171.68.10.87) by mail.netbsd.org with SMTP; 26 May 2004 03:07:44 -0000 Received: from sj-core-5.cisco.com (171.71.177.238) by sj-iport-5.cisco.com with ESMTP; 25 May 2004 20:07:43 -0700 Received: from edison.cisco.com (edison.cisco.com [171.71.180.109]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id i4Q37gls008310 for ; Tue, 25 May 2004 20:07:42 -0700 (PDT) Received: from localhost (clonvick@localhost) by edison.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id UAA28229 for ; Tue, 25 May 2004 20:07:42 -0700 (PDT) Date: Tue, 25 May 2004 20:07:42 -0700 (PDT) From: Chris Lonvick To: ietf-ssh@NetBSD.org Subject: FIPS 186 or 186-1 In-Reply-To: Message-ID: References: <200405202002.QAA17128@ietf.org> <200405210933.FAA13036@Sparkle.Rodents.Montreal.QC.CA> <40B03D72.5080508@mindrot.org> <17320000.1085417349@minbar.fac.cs.cmu.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: ietf-ssh-owner@NetBSD.org Precedence: list Hi, I'm still doing some reference cleanup and found that both Arch and Transport reference FIPS 186 (1994). Should those both reference FIPS 186-1 (1998) instead? Thanks, Chris From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Wed May 26 10:56:06 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA22706 for ; Wed, 26 May 2004 10:56:05 -0400 (EDT) Received: (qmail 6000 invoked by uid 605); 26 May 2004 14:56:04 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 5987 invoked from network); 26 May 2004 14:56:03 -0000 Received: from nwkea-mail-1.sun.com (192.18.42.13) by mail.netbsd.org with SMTP; 26 May 2004 14:56:03 -0000 Received: from eastmail1bur.East.Sun.COM ([129.148.9.49]) by nwkea-mail-1.sun.com (8.12.10/8.12.9) with ESMTP id i4QEtuoE027571; Wed, 26 May 2004 07:55:57 -0700 (PDT) Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by eastmail1bur.East.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with ESMTP id i4QEtucc028469; Wed, 26 May 2004 10:55:56 -0400 (EDT) Received: from thunk (localhost [127.0.0.1]) by thunk.east.sun.com (8.12.11+Sun/8.12.11) with ESMTP id i4QEtuIm015612; Wed, 26 May 2004 10:55:56 -0400 (EDT) Message-Id: <200405261455.i4QEtuIm015612@thunk.east.sun.com> From: Bill Sommerfeld To: Chris Lonvick cc: ietf-ssh@NetBSD.org Subject: Re: FIPS 186 or 186-1 In-Reply-To: Your message of "Tue, 25 May 2004 20:07:42 PDT." Reply-to: sommerfeld@east.sun.com Date: Wed, 26 May 2004 10:55:56 -0400 Sender: ietf-ssh-owner@NetBSD.org Precedence: list [FIPS 186-X is the federal digital signature standard.] As best as I can tell from some quick googling, it looks like: FIPS 186 specified DSA. FIPS 186-1 added RSA as an additional approved algorithm. FIPS 186-2 added ECC as an additional approved algorithm. And if that wasn't enough, there's now a "FIPS 186-2 with Change Notice 1 dated October 5, 2001" Note that the ssh documents and protocol use "dss" to refer to "dsa", which was unambiguous until 186-1 came out.. I have not found any mention of changes to DSA in -1 or -2, but "186-2 + Change Notice 1" mentions some adjustments to recommended DSA key lengths and random number generation techniques. Highlights: Section 4 of FIPS 186-2 specifies that the prime modulus p of DSA is defined for the range of prime integers 2^(L-1) < p < 2^L , where 512 < L < 1024 and L is a multiple of 64. This change notice specifies that L should assume only the value 1024 for DSA as specified in FIPS 186-2, i.e., the prime modulus p should be defined in the range 2^1023 < p < 2^1024 . (cut & pasted from PDF page 73 / document page 71 with correction of formulas) and: Recently, an unpublished attack on DSA3 was found that relies on the non-uniformity of the pseudorandom number generators (PRNGs) specified in Appendix 3 of the standard. The attack has a workfactor of 2^64 and requires 2^22 known signatures. This attack can be defended against by either limiting the number of signatures created using a specific key pair to no more than 2 million signatures while using the PRNGs specified in FIPS 186-2, or by modifying the PRNGs. references: http://csrc.nist.gov/cryptval/dss.htm http://csrc.nist.gov/cryptval/dss/fr000215.html - Bill From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Wed May 26 15:57:45 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA10533 for ; Wed, 26 May 2004 15:57:45 -0400 (EDT) Received: (qmail 18902 invoked by uid 605); 26 May 2004 19:57:44 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 18892 invoked from network); 26 May 2004 19:57:42 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by mail.netbsd.org with SMTP; 26 May 2004 19:57:42 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10527; Wed, 26 May 2004 15:57:27 -0400 (EDT) Message-Id: <200405261957.PAA10527@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org Cc: ietf-ssh@NetBSD.org From: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-secsh-userauth-20.txt Date: Wed, 26 May 2004 15:57:27 -0400 Sender: ietf-ssh-owner@NetBSD.org Precedence: list --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Shell Working Group of the IETF. Title : SSH Authentication Protocol Author(s) : T. Ylonen, C. Lonvick Filename : draft-ietf-secsh-userauth-20.txt Pages : 16 Date : 2004-5-26 SSH is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH authentication protocol framework and public key, password, and host-based client authentication methods. Additional authentication methods are described in separate documents. The SSH authentication protocol runs on top of the SSH transport layer protocol and provides a single authenticated tunnel for the SSH connection protocol. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-secsh-userauth-20.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-secsh-userauth-20.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-secsh-userauth-20.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-5-26162134.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-secsh-userauth-20.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-secsh-userauth-20.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-5-26162134.I-D@ietf.org> --OtherAccess-- --NextPart-- From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Wed May 26 16:13:53 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA11763 for ; Wed, 26 May 2004 16:13:53 -0400 (EDT) Received: (qmail 2583 invoked by uid 605); 26 May 2004 20:13:52 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 2514 invoked from network); 26 May 2004 20:13:51 -0000 Received: from sparkle.rodents.montreal.qc.ca (216.46.5.7) by mail.netbsd.org with SMTP; 26 May 2004 20:13:51 -0000 Received: (from mouse@localhost) by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id QAA17060; Wed, 26 May 2004 16:13:49 -0400 (EDT) From: der Mouse Message-Id: <200405262013.QAA17060@Sparkle.Rodents.Montreal.QC.CA> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. Date: Wed, 26 May 2004 16:05:45 -0400 (EDT) To: ietf-ssh@NetBSD.org Subject: Re: I-D ACTION:draft-ietf-secsh-userauth-20.txt In-Reply-To: <200405261957.PAA10527@ietf.org> References: <200405261957.PAA10527@ietf.org> Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit > A New Internet-Draft is available [...] > Filename : draft-ietf-secsh-userauth-20.txt There are some very bad line breaks - it looks to me as though an automated tool hiccuped and nobody caught it in time. Obviously, they're not worth reissuing immediately to fix, but I'd say they probably should be fixed next time around. I diffed userauth-20 against userauth-18; here are the relevant fragments cut-and-pasted from the diff: ======== All authentication requests MUST use the following message format. Only the first few fields are defined; the remaining fields depend on the authentication method. byte SSH_MSG_USERAUTH_REQUEST - string user name (in ISO-10646 UTF-8 encoding [RFC2279]) + string user name (in ISO-10646 UTF-8 encoding + [RFC2279] + ) string service name (in US-ASCII) string method name (US-ASCII) The rest of the packet is method-specific. ======== byte SSH_MSG_USERAUTH_BANNER string message (ISO-10646 UTF-8) - string language tag (as defined in [RFC3066]) + string language tag (as defined in + [RFC3066] + ) The client SHOULD by default display the message on the screen. However, since the message is likely to be sent for every login ======== byte SSH_MSG_USERAUTH_PASSWD_CHANGEREQ string prompt (ISO-10646 UTF-8) - string language tag (as defined in [RFC3066]) + + + +Ylonen & Lonvick Expires November 23, 2004 [Page 10] +^L +Internet-Draft SSH Authentication Protocol May 2004 + + + string language tag (as defined in + [RFC3066] + ) ======== /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Wed May 26 19:42:38 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA29086 for ; Wed, 26 May 2004 19:42:37 -0400 (EDT) Received: (qmail 9925 invoked by uid 605); 26 May 2004 23:42:35 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 9918 invoked from network); 26 May 2004 23:42:34 -0000 Received: from sj-iport-2-in.cisco.com (HELO sj-iport-2.cisco.com) (171.71.176.71) by mail.netbsd.org with SMTP; 26 May 2004 23:42:34 -0000 Received: from sj-core-5.cisco.com (171.71.177.238) by sj-iport-2.cisco.com with ESMTP; 26 May 2004 16:41:11 -0700 Received: from edison.cisco.com (edison.cisco.com [171.71.180.109]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id i4QNgWls016360 for ; Wed, 26 May 2004 16:42:33 -0700 (PDT) Received: from localhost (clonvick@localhost) by edison.cisco.com (8.8.6 (PHNE_14041)/CISCO.SERVER.1.2) with ESMTP id QAA27082 for ; Wed, 26 May 2004 16:42:32 -0700 (PDT) Date: Wed, 26 May 2004 16:42:32 -0700 (PDT) From: Chris Lonvick To: ietf-ssh@NetBSD.org Subject: Re: I-D ACTION:draft-ietf-secsh-userauth-20.txt In-Reply-To: <200405262013.QAA17060@Sparkle.Rodents.Montreal.QC.CA> Message-ID: References: <200405261957.PAA10527@ietf.org> <200405262013.QAA17060@Sparkle.Rodents.Montreal.QC.CA> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: ietf-ssh-owner@NetBSD.org Precedence: list Hi, On Wed, 26 May 2004, der Mouse wrote: > > A New Internet-Draft is available [...] > > Filename : draft-ietf-secsh-userauth-20.txt > > There are some very bad line breaks - it looks to me as though an > automated tool hiccuped and nobody caught it in time. That would be _me_. I was trying to replace all of the static references with xml pointers. Unfortunately those were in "artwork" rather than in "list" which seems to make xml2rfc rather grumpy. It didn't show up well in the htmlwdiff so I missed it. It seems that my efforts to update the updated IDs went wrong somehow. When I submitted the 5 IDs in the same email, I got a response back from the ID Editors which I assumed meant that they were all going into the repository. When the ID Editor contacted me later to resubmit them individually, I (again) upped the revision number of them all. Evidently, only USERAUTH got updated in the first round so my last set of revisions were bounced for being non-sequential. I'm starting to make some editorial changes to the IDs so things are a bit of a mess at the moment. What I'll do is to go back and re-send the first batch of IDs to the ID Editors so that things stay synchronized. Once I get things cleaned up again, I'll submit the second batch and everyone can review those changes. Thanks, Chris From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 27 04:48:23 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id EAA08351 for ; Thu, 27 May 2004 04:48:22 -0400 (EDT) Received: (qmail 6896 invoked by uid 605); 27 May 2004 08:48:22 -0000 Delivered-To: ietf-ssh@netbsd.org Message-ID: <20040527084822.6895.qmail@mail.netbsd.org> Received: (qmail 6889 invoked from network); 27 May 2004 08:48:21 -0000 Received: from ool-18e459c2.dyn.optonline.net (24.228.89.194) by mail.netbsd.org with SMTP; 27 May 2004 08:48:21 -0000 Date: Thu, 27 May 2004 08:34:48 +0000 From: ned To: ietf-ssh@NetBSD.org Subject: Deana MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 7bit http://star-teens.com/mc/luc/ This is absolutely a unique spot where you get to look at dirty images and mpegs. Big bosoms, streaming love caves. To enjoy click and glance them caressing. http://star-teens.com/mc/luc/ From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 27 15:40:40 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id PAA19578 for ; Thu, 27 May 2004 15:40:39 -0400 (EDT) Received: (qmail 21100 invoked by uid 605); 27 May 2004 19:40:38 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 21086 invoked from network); 27 May 2004 19:40:37 -0000 Received: from odin.ietf.org (HELO ietf.org) (132.151.1.176) by mail.netbsd.org with SMTP; 27 May 2004 19:40:37 -0000 Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA19566; Thu, 27 May 2004 15:40:19 -0400 (EDT) Message-Id: <200405271940.PAA19566@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: i-d-announce@ietf.org Cc: ietf-ssh@NetBSD.org From: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-secsh-newmodes-02.txt Date: Thu, 27 May 2004 15:40:19 -0400 Sender: ietf-ssh-owner@NetBSD.org Precedence: list --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Shell Working Group of the IETF. Title : SSH Transport Layer Encryption Modes Author(s) : M. Bellare, et al. Filename : draft-ietf-secsh-newmodes-02.txt Pages : 11 Date : 2004-5-27 Researchers have recently discovered that the authenticated encryption portion of the current SSH Transport Protocol is vulnerable to several attacks. This document describes new symmetric encryption methods for the SSH Transport Protocol and gives specific recommendations on how frequently SSH implementations should rekey. Bellare, Kohno, and Namprempre [ACM CCS 2002] prove that if an SSH application implements the modifications described in this document, then the symmetric cryptographic portion of that application will provably resist chosen-plaintext, chosen-ciphertext, reaction-based privacy and integrity/authenticity attacks. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-02.txt To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message. You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-secsh-newmodes-02.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-secsh-newmodes-02.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2004-5-27154217.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-secsh-newmodes-02.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-secsh-newmodes-02.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2004-5-27154217.I-D@ietf.org> --OtherAccess-- --NextPart-- From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 27 16:07:17 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA20961 for ; Thu, 27 May 2004 16:07:17 -0400 (EDT) Received: (qmail 10415 invoked by uid 605); 27 May 2004 20:07:14 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 10369 invoked from network); 27 May 2004 20:07:11 -0000 Received: from sparkle.rodents.montreal.qc.ca (216.46.5.7) by mail.netbsd.org with SMTP; 27 May 2004 20:07:11 -0000 Received: (from mouse@localhost) by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id QAA02908; Thu, 27 May 2004 16:07:10 -0400 (EDT) From: der Mouse Message-Id: <200405272007.QAA02908@Sparkle.Rodents.Montreal.QC.CA> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. Date: Thu, 27 May 2004 15:59:19 -0400 (EDT) To: ietf-ssh@NetBSD.org Subject: Re: I-D ACTION:draft-ietf-secsh-newmodes-02.txt In-Reply-To: <200405271940.PAA19566@ietf.org> References: <200405271940.PAA19566@ietf.org> Sender: ietf-ssh-owner@NetBSD.org Precedence: list Content-Transfer-Encoding: 8bit > A New Internet-Draft is available [...] > Filename : draft-ietf-secsh-newmodes-02.txt I note that (compared to newmodes-01) this contains the reverse of a trend I noticed (and appreciated) in the other drafts I've seen recently. The recent drafts have gone to two spaces after an end-of-sentence period (and, unfortunately, after abbreviations too, but I think it's still better than the previous way; the particular case I noticed was using the wrong abbreviation anyway). But this draft seems to reverse that trend: - provide both privacy and integrity of encapsulated data. Researchers + provide both privacy and integrity of encapsulated data. Researchers - recommendations for the SSH Transport Protocol [SSH-TRANS]. [BKN] + recommendations for the SSH Transport Protocol [SSH-TRANS]. [BKN] - version of the SSH protocol. Another alternative to recommendation + version of the SSH protocol. Another alternative to recommendation However, it does this puzzlingly seldom; out of the entire draft, I found only those three examples of a double end-of-sentence space being converted to a single. This leads me to speculate that mechanical tools have gone awry again.... /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@rodents.montreal.qc.ca / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From ietf-ssh-owner-secsh-archive=odin.ietf.org@NetBSD.org Thu May 27 16:30:54 2004 Received: from mail.netbsd.org (mail.netbsd.org [204.152.184.164]) by ietf.org (8.9.1a/8.9.1a) with SMTP id QAA22847 for ; Thu, 27 May 2004 16:30:53 -0400 (EDT) Received: (qmail 25197 invoked by uid 605); 27 May 2004 20:30:53 -0000 Delivered-To: ietf-ssh@netbsd.org Received: (qmail 25179 invoked from network); 27 May 2004 20:30:52 -0000 Received: from emulex.emulex.com (138.239.112.1) by mail.netbsd.org with SMTP; 27 May 2004 20:30:52 -0000 Received: from xcm.ad.emulex.com (xcm.emulex.com [138.239.112.206]) by emulex.emulex.com (8.12.10/8.12.10) with ESMTP id i4RKUGAl021237; Thu, 27 May 2004 13:30:16 -0700 (PDT) Received: by xcm.emulex.com with Internet Mail Service (5.5.2653.19) id ; Thu, 27 May 2004 13:30:16 -0700 Message-ID: <8D43EFD7CCBDB24980134BE078C227E70B0925DD@xcm.emulex.com> From: System Attendant To: "'i-d-announce@ietf.org'" , "'ietf-ssh@netbsd.org'" Subject: [MailServer Notification]To Recipient file blocking settings matc hed and action was taken. Date: Thu, 27 May 2004 13:30:15 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: ietf-ssh-owner@NetBSD.org Precedence: list ScanMail for Microsoft Exchange took action on the message. The message details were: Sender = Internet-Drafts@ietf.org Recipient(s) = i-d-announce@ietf.org;ietf-ssh@netbsd.org Subject = I-D ACTION:draft-ietf-secsh-newmodes-02.txt Scanning time = 05/27/2004 13:30:14 Engine/Pattern = 7.000-1004/1.895.00 Action taken on message: The attachment draft-ietf-secsh-newmodes-02.url matched file blocking settings. ScanMail took the action: Deleted. XCM Warning to recipient: Attachment blocking action taken.