
Subject: Re: [saag] Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Ondřej Surý <ondrej.sury@nic.cz>
Cc: jhutz@cmu.edu, Damien Miller <djm@mindrot.org>, jakob@openbsd.org, ietf-ssh <ietf-ssh@NetBSD.org>
Date: Mon, 01 Aug 2011 13:14:52 -0400

On Sat, 2011-07-30 at 20:54 -0400, Ondřej Surý wrote:
> Hi Damien,
> 
> On 30. 7. 2011, at 14:21, Damien Miller wrote:
> 
> > Thanks for starting work on this - SSHFP records for ECDSA keys were on
> > my TODO list, but I haven't yet got around to them.
> 
> > I briefly skimmed your draft - one question I have is whether it is
> > better to roll up all the ECDSA key types under one SSHFP RR type.
> > It would be quite ugly to have to allocate SSHFP RR type numbers for
> > each possible ECDSA curve type, but using a single one might make
> > exploitation of SHA256 preimage attacks easier.

Before we go any further, it's probably best to make it clear in advance
that we are _not_ talking about RR types at all.  SSHFP is and continues
to be a single RR type.  What we are talking about is values for the
"algorithm" field in the SSHFP RR data.

It's a bit late now, but if we'd made the algorithm field a string
containing the SSH public key algorithm name, we wouldn't be having this
discussion now. :-(


> I thought that secsh was concluded, but it seems that the mailing list
>  is still up.  Ccing there as well.

The WG did conclude, but this list is still active and is the
appropriate forum for discussing changes or enhancements to SSH or
related protocols.  I'm CC'ing this there, and moving saag to bcc only
so that people there see my first comment above.


-- Jeff
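
An added example, not part of the original message or of any SSH implementation: it builds and checks SSHFP RDATA from an SSH public key blob, showing how the numeric "algorithm" field discussed above maps several SSH public key algorithm names onto one value. The algorithm values 1 and 2 and fingerprint type 1 are from RFC 4255; algorithm 3 (ECDSA) and fingerprint type 2 (SHA-256) are the values later assigned in RFC 6594. The function names and the sample key blobs are constructed for illustration.

```python
import hashlib
import hmac
import struct

# SSHFP "algorithm" values: 1 and 2 are from RFC 4255, 3 from RFC 6594.
# Several SSH public key algorithm names share the single value 3.
SSHFP_ALGORITHM = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
}
# SSHFP "fingerprint type" values: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def key_algorithm_name(blob: bytes) -> str:
    """Return the algorithm name that leads every SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length == 0 or 4 + length > len(blob):
        raise ValueError("bad algorithm name length")
    return blob[4:4 + length].decode("ascii")

def sshfp_rdata(blob: bytes, fp_type: int = 2) -> bytes:
    """Build SSHFP RDATA: algorithm octet, fingerprint type octet, digest."""
    name = key_algorithm_name(blob)
    if name not in SSHFP_ALGORITHM or fp_type not in DIGESTS:
        raise ValueError(f"no SSHFP encoding for {name!r} / type {fp_type}")
    return bytes([SSHFP_ALGORITHM[name], fp_type]) + DIGESTS[fp_type](blob).digest()

def rdata_matches_key(rdata: bytes, blob: bytes) -> bool:
    """Verifier side: recompute the record from the offered host key and compare."""
    try:
        expected = sshfp_rdata(blob, rdata[1] if len(rdata) > 1 else 0)
    except ValueError:  # unknown key name, unknown fingerprint type, bad blob
        return False
    return hmac.compare_digest(rdata, expected)

# Constructed sample blobs (placeholder key material, not real host keys).
P256_BLOB = ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256") + ssh_string(b"\x04" + bytes(64))
P384_BLOB = ssh_string(b"ecdsa-sha2-nistp384") + ssh_string(b"nistp384") + ssh_string(b"\x04" + bytes(96))
RSA_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + bytes([0xC5]) * 256)
```

The curve is not visible in the record's algorithm octet; it is covered only because the digest is taken over the whole key blob, which begins with the SSH public key algorithm name.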


Date: Tue, 2 Aug 2011 11:25:15 +1000 (EST)
From: Damien Miller <djm@mindrot.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
cc: anakin@pobox.com, galb-list@vandyke.com, ietf-ssh2@denisbider.com,  jhutz@cmu.edu, mdb@juniper.net, ietf-ssh@NetBSD.org
Subject: Re: SHA-2 based HMAC algorithm...

On Thu, 14 Apr 2011, Peter Gutmann wrote:

> Simon Tatham <anakin@pobox.com> writes:
>
> >I've uploaded a complete set of PuTTY executables (in the 'x86'
> >subdir) and source archives modified for SHA-2 support, together with
> >the source code patch (in 'sha2.diff'). I've verified that all four
> >of the new MACs work against OpenSSH 5.8p1
>
> Works with cryptlib as well, after a two-line change :-).
>
> (One minor gripe, it would be nice if Putty's log window was
> resizeable and/or defaulted to being a bit larger than two adjacent
> low-denomination postage stamps).

okay, these modes (as represented in mdb's patch) have just been
committed to OpenSSH and will be in the 5.9 release (due soonish)

-d


