From owner-ietf-ssh@clinet.fi  Wed Jul  5 23:26:50 2000
Date: Wed, 5 Jul 2000 15:26:46 -0400
Message-Id: <200007051926.PAA25971@syrinx.oankali.net>
From: "Richard E. Silverman" <slade@shore.net>
To: SECSH Discussion List <ietf-ssh@clinet.fi>
Subject: comment in the 1.5 protocol spec
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1249
Lines: 24


In the old RFC documenting the SSH-1.5 protocol, in the description of RSA
user authentication, there is the following:

  ... and the challenge put in the remaining bytes.  This is then encrypted
  with the public key.  (The padding and encryption algorithm is the same as
  that used for the session key.)  The client decrypts the challenge using its
  private key, concatenates it with the session id, and computes an MD5
  checksum of the resulting 48 bytes.  The MD5 output is returned as 16 bytes
  in a SSH_CMSG_AUTH_RSA_RESPONSE message.  (Note that the MD5 is necessary to
  avoid chosen plaintext attacks against RSA; the session id binds it to a
  specific session.)

And this is indeed the way the current SSH1 software operates.  I don't
understand the comment about MD5.  A chosen-plaintext attack would require the
client to be encrypting the server-chosen challenge with its private key, that
is, if it were returning a signature on an (unhashed) nonce.  But in this
case, if the client simply returned the plaintext challenge, it would not be
revealing anything not already known to the server.  An observer would obtain 
a plaintext/ciphertext pair of the client's *public* key -- but so what?

Am I missing something?

- Richard
From owner-ietf-ssh@clinet.fi  Thu Jul  6 13:03:24 2000
To: "Richard E. Silverman" <slade@shore.net>
Cc: SECSH Discussion List <ietf-ssh@clinet.fi>
Subject: Re: comment in the 1.5 protocol spec
References: <200007051926.PAA25971@syrinx.oankali.net>
From: nisse@lysator.liu.se (Niels Möller)
Date: 06 Jul 2000 10:59:41 +0200
In-Reply-To: "Richard E. Silverman"'s message of "Wed, 5 Jul 2000 15:26:46 -0400"
Message-ID: <nnsntnljlu.fsf@sture.lysator.liu.se>
X-Mailer: Gnus v5.7/Emacs 20.7
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 2784
Lines: 61

"Richard E. Silverman" <slade@shore.net> writes:

> In the old RFC documenting the SSH-1.5 protocol, in the description of RSA
> user authentication, there is the following:
> 
>   ... and the challenge put in the remaining bytes.  This is then encrypted
>   with the public key.  (The padding and encryption algorithm is the same as
>   that used for the session key.)  The client decrypts the challenge using its
>   private key, concatenates it with the session id, and computes an MD5
>   checksum of the resulting 48 bytes.  The MD5 output is returned as 16 bytes
>   in a SSH_CMSG_AUTH_RSA_RESPONSE message.  (Note that the MD5 is necessary to
>   avoid chosen plaintext attacks against RSA; the session id binds it to a

Protection against chosen-plaintext attacks on a public key
cryptosystem doesn't make much sense; anyone who knows the _public_
key can encrypt any plaintext he likes.

Perhaps the author really meant chosen _cipher_-text attack or some
such? On the other hand, I don't see how the hashing makes any
difference for chosen-ciphertext-attacks like the attack on PKCS#1 a
few years ago.

>   specific session.)
> 
> And this is indeed the way the current SSH1 software operates.  I don't
> understand the comment about MD5.  A chosen-plaintext attack would require the
> client to be encrypting the server-chosen challenge with its private key, that
> is, if it were returning a signature on an (unhashed) nonce.

Decrypting (as specified in the protocol) and signing is very similar,
from the point of view of someone trying to get to the private RSA
key. I think your phrase "encrypt something with the private key" is
a little confusing.

> But in this case, if the client simply returned the plaintext
> challenge, it would not be revealing anything not already known to
> the server. An observer would obtain a plaintext/ciphertext pair of
> the client's *public* key -- but so what?

I don't think you can assume that the plaintext is known to the server.
The server may have constructed the "encrypted challenge" it sends to
the client in some other way than encrypting a known value. He may
have got the challenge from eavesdropping on some other ssh session, or
he may be trying some chosen-cipher-text attack.

> Am I missing something?

If you were returning the plaintext challenge, you provide the
world[1] with a decryption oracle for your private key. That seems
like an unwise thing to do, no matter if there is any practical way to
exploit it.

[1] Ok, not really the entire world; only the part of the world that
    can trick you to try to connect to them using ssh1.

(I don't remember much of the ssh-1.5 protocol, so I may well be
missing some crucial context. I also think the ssh-1.5 protocol is
somewhat off-topic here).

Regards,
/Niels
From owner-ietf-ssh@clinet.fi  Thu Jul  6 20:32:53 2000
Date: Thu, 6 Jul 2000 12:39:38 -0400 (EDT)
From: "Richard E. Silverman" <res@shore.net>
X-Sender: res@syrinx.oankali.net
Reply-To: "Richard E. Silverman" <slade@shore.net>
To: SECSH Discussion List <ietf-ssh@clinet.fi>
Subject: Re: comment in the 1.5 protocol spec
In-Reply-To: <nnsntnljlu.fsf@sture.lysator.liu.se>
Message-ID: <Pine.LNX.4.10.10007061209300.23307-100000@syrinx.oankali.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by mail.clinet.fi id TAA20830
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 2536
Lines: 56

On 6 Jul 2000, Niels Möller wrote:

> Protection against chosen-plaintext attacks on a public key
> cryptosystem doesn't make much sense; anyone who knows the _public_
> key can encrypt any plaintext he likes.

Well, such protection makes sense in a crypto*system*, since a public-key
system contains private keys, and RSA is susceptible to chosen-plaintext
attacks.  However, the second half of this sentence restates my point
exactly: I don't see how a chosen-plaintext attack applies in this
situation.  Perhaps we mean the same thing.

> Decrypting (as specified in the protocol) and signing is very similar,
> from the point of view of someone trying to get to the private RSA
> key. I think your phrase "encrypt something with the private key" is
> a little confusing.

I don't see that they're similar at all.  In the first, you get a
chosen-plaintext/ciphertext pair encrypted with the public key; in the
second, a pair from the private key.  The first is useless since it is
publicly available knowledge; the second can provide valuable
information in recovering the private key.

> I don't think you can assume that the plaintext is known to the server.
> The server may have constructed the "encrypted challenge" it sends to
> the client in some other way than encrypting a known value. He may
> have got the challenge from eavesdropping on some other ssh session, or
> he may be trying some chosen-cipher-text attack.

This is a good point, thanks.

> If you were returning the plaintext challenge, you provide the world[1]
> with a decryption oracle for your private key. That seems like an unwise
> thing to do, no matter if there is any practical way to exploit it.

Ah, yes, I see; this is the real danger.  If that key were used for
encryption as well as signing, outside of SSH -- say for encrypting data
files or email -- then this could be disastrous.  I might be able to trick
SSH into decrypting the bulk key for a sealed document sent to you, just
by attempting to log in as you.

> I also think the ssh-1.5 protocol is somewhat off-topic here

The 1.5 protocol is in widespread use, much more widespread than 2.0.
Given that, and the fact that several people on this list work for SSH
Communications Security, which maintains the SSH1 software and distributes
the 1.5 protocol spec with it, I had assumed that correct understanding of
the 1.5 protocol would be a relevant topic for the secsh working group.  If
it isn't, I apologize.

Nonetheless, thanks for your reply.

-- 
  Richard Silverman
  slade@shore.net

From owner-ietf-ssh@clinet.fi  Fri Jul  7 14:20:19 2000
To: "Richard E. Silverman" <slade@shore.net>
Cc: SECSH Discussion List <ietf-ssh@clinet.fi>
Subject: Re: comment in the 1.5 protocol spec
References: <Pine.LNX.4.10.10007061209300.23307-100000@syrinx.oankali.net>
From: nisse@lysator.liu.se (Niels Möller)
Date: 07 Jul 2000 11:43:31 +0200
In-Reply-To: "Richard E. Silverman"'s message of "Thu, 6 Jul 2000 12:39:38 -0400 (EDT)"
Message-ID: <nnvgyijmws.fsf@sture.lysator.liu.se>
X-Mailer: Gnus v5.7/Emacs 20.7
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 3121
Lines: 67

"Richard E. Silverman" <res@shore.net> writes:

> On 6 Jul 2000, Niels Möller wrote:
> 
> > Decrypting (as specified in the protocol) and signing is very similar,
> > from the point of view of someone trying to get to the private RSA
> > key. I think your phrase "encrypt something with the private key" is
> > a little confusing.
> 
> I don't see that they're similar at all.  In the first, you get a
> chosen-plaintext/ciphertext pair encrypted with the public key; in the
> second, a pair from the private key.  The first is useless since it is
> publicly available knowledge; the second can provide valuable
> information in recovering the private key.

As I see it, there are two games one can play with an RSA-subsystem:

1. Choose a message, and operate upon it using the public key.

2. Choose a message, and operate upon it using the private key (most
   likely by asking someone who knows the private key to do the actual
   operation). As the "operation" here, I'm primarily thinking of the
   exponentiation; if the chosen message is hashed before the
   exponentiation, we get a third game that is quite different.

Game 1 is trivial, in the sense that there is no point to try to guard
against it: If one can break RSA by playing game 1, the conclusion is
that the public keys must be kept secret, which kind of breaks the
entire point of using RSA as a public-key cryptosystem.

Game 2 is more interesting. A setup where you sign arbitrary messages
(without hashing; i.e. "encrypting with the private key"), or where
you decrypt arbitrary alleged cryptotexts (as in the ssh1-spec, if the
hashing step is omitted), both allow an attacker to play game 2. It is
in this sense that a signing oracle and a decryption oracle are
similar.

Perhaps we're just using different language.

> Ah, yes, I see; this is the real danger.  If that key were used for
> encryption as well as signing, outside of SSH -- say for encrypting data
> files or email -- then this could be disastrous.  I might be able to trick
> SSH into decrypting the bulk key for a sealed document sent to you, just
> by attempting to log in as you.

One could perhaps also use it for a real-time MITM attack on an
unrelated ssh session; this may be difficult to mount in practice but
it would still be a very serious protocol flaw.

> > I also think the ssh-1.5 protocol is somewhat off-topic here
> 
> The 1.5 protocol is in widespread use, much more widespread than 2.0.
> Given that, and the fact that several people on this list work for SSH
> Communications Security, which maintains the SSH1 software and distributes
> the 1.5 protocol spec with it, I had assumed that correct understanding of
> the 1.5 protocol would be a relevant topic for the secsh working group.  If
> it isn't, I apologize.

Ok, I see your point. Perhaps I'm the only member on the list that
doesn't have much familiarity or interest in ssh-1 details.

In fact, if I read this discussion as "how to use RSA for
authentication" rather than "why does ssh-1 do things this particular
way", I do find it interesting. So please disregard my complaint.

Regards,
/Niels
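
The challenge-response exchange discussed in the messages above, as an added example that is not part of any message in this thread or of the SSH1 code: it shows the response from the quoted spec text (MD5 over the decrypted challenge and the session id) next to the hypothetical variant that returns the decrypted value directly. The toy Mersenne-prime key, the unpadded RSA, the function names and the rejection of values longer than 32 bytes are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy key built from two Mersenne primes. It is NOT a secure key;
# it only keeps the example self-contained. Textbook RSA without padding is an
# assumption of this example (the quoted spec text says padding is applied).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

CHALLENGE_LEN = 32    # 32-byte challenge + 16-byte session id = "48 bytes"
SESSION_ID_LEN = 16


def rsa_public(m: int) -> int:
    """Game 1 in the thread: anyone holding the public key can do this."""
    return pow(m, E, N)


def rsa_private(c: int) -> int:
    """Game 2: only the key owner can do this, so its output needs guarding."""
    return pow(c, D, N)


def server_make_challenge():
    """Honest server: pick a random challenge, encrypt it to the user's key."""
    challenge = secrets.token_bytes(CHALLENGE_LEN)
    return challenge, rsa_public(int.from_bytes(challenge, "big"))


def client_respond_hashed(ciphertext: int, session_id: bytes) -> bytes:
    """Response per the quoted spec: MD5(decrypted challenge || session id)."""
    m = rsa_private(ciphertext)
    if m >> (8 * CHALLENGE_LEN):
        # Assumption of this example: refuse anything that is not 32 bytes.
        raise ValueError("decrypted value is not a 32-byte challenge")
    return hashlib.md5(m.to_bytes(CHALLENGE_LEN, "big") + session_id).digest()


def client_respond_raw(ciphertext: int) -> bytes:
    """Hypothetical variant from the thread: the hashing step is omitted."""
    return rsa_private(ciphertext).to_bytes(CHALLENGE_LEN, "big")


def server_verify(challenge: bytes, session_id: bytes, response: bytes) -> bool:
    expected = hashlib.md5(challenge + session_id).digest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    sid_a = bytes(range(SESSION_ID_LEN))                       # constructed
    sid_b = bytes(range(SESSION_ID_LEN, 2 * SESSION_ID_LEN))   # constructed

    # Normal login: the server knows the challenge and checks the digest.
    challenge, ct = server_make_challenge()
    response = client_respond_hashed(ct, sid_a)

    # Key-reuse case raised in the thread: a bulk key sealed to the same
    # public key arrives at the client in place of a genuine challenge.
    bulk_key = secrets.token_bytes(16)                          # constructed
    sealed = rsa_public(int.from_bytes(bulk_key, "big"))

    return {
        "honest_login_ok": server_verify(challenge, sid_a, response),
        # The session id binds the digest to one session only.
        "replay_in_other_session_ok": server_verify(challenge, sid_b, response),
        # Without the hash the client acts as a decryption oracle.
        "raw_reply_reveals_bulk_key":
            client_respond_raw(sealed)[-16:] == bulk_key,
        # With the hash the reply is a one-way digest of key and session id.
        "hashed_reply_reveals_bulk_key":
            client_respond_hashed(sealed, sid_a) == bulk_key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```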
From owner-ietf-ssh@clinet.fi  Sat Jul  8 01:03:33 2000
Message-Id: <4.2.0.58.20000706171806.0098fa50@avarice.inner.net>
X-Sender: rja@avarice.inner.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Fri, 07 Jul 2000 16:54:35 -0400
To: "Richard E. Silverman" <slade@shore.net>
From: RJ Atkinson <rja@inet.org>
Subject: Re: comment in the 1.5 protocol spec
Cc: SECSH Discussion List <ietf-ssh@clinet.fi>
In-Reply-To: <Pine.LNX.4.10.10007061209300.23307-100000@syrinx.oankali.n
 et>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 942
Lines: 25

At 12:39 06/07/00 , Richard E. Silverman wrote:
>This message uses a character set that is not supported by the Internet
>Service.  To view the original message content,  open the attached
>message. If the text doesn't display correctly, save the attachment to
>disk, and then open it using a viewer that can display the original
>character set. [attachment deleted]

         The above is a totally unacceptable outcome for email
sent to any IETF mailing list.  IETF mailing lists ought only
to have plain-text email with MIME-compliant headers and body
and International Standard character sets.  For IETF mailing
lists, one has to assume that the mail is being read on some
TTY/video-terminal and cannot assume Windows is on everyone's
desktop.

         Please resend the original note using a MIME-compliant 
encoding of an International Standard character set 
(e.g. US-ASCII, ISO-646, ISO-8859-X).

Thanks very much,

Ran
rja@inet.org


From owner-ietf-ssh@clinet.fi  Sat Jul  8 02:35:29 2000
Date: Fri, 7 Jul 2000 18:20:43 -0400 (EDT)
From: "Richard E. Silverman" <res@shore.net>
X-Sender: res@syrinx.oankali.net
Reply-To: "Richard E. Silverman" <slade@shore.net>
To: RJ Atkinson <rja@inet.org>
cc: SECSH Discussion List <ietf-ssh@clinet.fi>
Subject: Re: comment in the 1.5 protocol spec
In-Reply-To: <4.2.0.58.20000706171806.0098fa50@avarice.inner.net>
Message-ID: <Pine.LNX.4.10.10007071805010.6292-100000@syrinx.oankali.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1681
Lines: 42

On Fri, 7 Jul 2000, RJ Atkinson wrote:

> At 12:39 06/07/00 , Richard E. Silverman wrote:
> >This message uses a character set that is not supported by the Internet
> >Service.  To view the original message content,  open the attached
> >message. If the text doesn't display correctly, save the attachment to
> >disk, and then open it using a viewer that can display the original
> >character set. [attachment deleted]

This is incorrect.  I did not write this, nor was that text part of the
message I sent, nor was there an attachment.  The message as it left my
system was plain-text and not MIME-multipart.  The text you quote, and the
message structure, were introduced elsewhere on its path to you.  If I had
to guess, I'd say your mail reader (Eudora) did it, in response to the
character set issue.

When Niels sent his first reply, it was technically malformatted (at least
according to my understanding of the relevant RFCs): it contained an 8-bit
ISO-8859-1 character (o-umlaut) in the From: header (his last name),
without using RFC-1522 encoding.  Since I quoted his name in my reply, my
mail reader marked the message:

  Content-Type: TEXT/PLAIN; charset=X-UNKNOWN

I have since reset it to mark messages with an unknown character set as
ISO-8859-1 instead, which will probably work most of the time for
typically broken messages.

> ... and cannot assume Windows is on everyone's desktop.

I don't know where you got this from; I use Pine under Linux.

>          Please resend the original note using a MIME-compliant 
> encoding of an International Standard character set 
> (e.g. US-ASCII, ISO-646, ISO-8859-X).

Fine.

-- 
  Richard Silverman
  slade@shore.net

From owner-ietf-ssh@clinet.fi  Sat Jul  8 02:56:56 2000
Date: Fri, 7 Jul 2000 18:35:31 -0400 (EDT)
From: "Richard E. Silverman" <res@shore.net>
X-Sender: res@syrinx.oankali.net
Reply-To: "Richard E. Silverman" <slade@shore.net>
To: SECSH Discussion List <ietf-ssh@clinet.fi>
Subject: Re: comment in the 1.5 protocol spec (RESENT)
In-Reply-To: <nnsntnljlu.fsf@sture.lysator.liu.se>
Message-ID: <Pine.LNX.4.10.10007071833530.6549-100000@syrinx.oankali.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by mail.clinet.fi id BAA26191
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 2537
Lines: 57



From owner-ietf-ssh@clinet.fi  Sat Jul  8 02:43:27 2000
Message-Id: <4.2.0.58.20000707184022.009857a0@avarice.inner.net>
X-Sender: rja@avarice.inner.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Fri, 07 Jul 2000 18:42:14 -0400
To: "Richard E. Silverman" <slade@shore.net>
From: RJ Atkinson <rja@inet.org>
Subject: Re: comment in the 1.5 protocol spec
Cc: SECSH Discussion List <ietf-ssh@clinet.fi>
In-Reply-To: <Pine.LNX.4.10.10007071805010.6292-100000@syrinx.oankali.ne
 t>
References: <4.2.0.58.20000706171806.0098fa50@avarice.inner.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 827
Lines: 28

At 18:20 07/07/00 , Richard E. Silverman wrote:
>  Since I quoted his name in my reply, my mail reader marked the message:
>
>   Content-Type: TEXT/PLAIN; charset=X-UNKNOWN

Thanks for the detailed clarification.

>I have since reset it to mark messages with an unknown character set as
>ISO-8859-1 instead, which will probably work most of the time for
>typically broken messages.

Great.  Thanks very much.

> > ... and cannot assume Windows is on everyone's desktop.
>
>I don't know where you got this from; I use Pine under Linux.

I made an educated guess, which turned out to be wrong. :-(

This turns out to be a really really widespread problem lately.
The most common cause (by far) is folks stuck using MS-Exchange,
which often sends mail using some weird non-ISO, non-ASCII
proprietary character set.

Thanks,

Ran

From owner-ietf-ssh@clinet.fi  Sat Jul 15 00:04:39 2000
Message-ID: <396F70A4.FB70EA45@cceb.upenn.edu>
Date: Fri, 14 Jul 2000 15:57:24 -0400
From: "Govind Vinjamuri" <gvinjamu@cceb.upenn.edu>
X-Mailer: Mozilla 4.72 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-ssh@clinet.fi
Subject: ssh and root
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 112
Lines: 6

Does anyone know the flag for disabling root ssh login? Thanks only if
you have a solution, just kidding.


Gov

From owner-ietf-ssh@clinet.fi  Sat Jul 15 05:59:38 2000
From: "Calvin Bebermeyer" <calvinb@acm.org>
To: "Govind Vinjamuri" <gvinjamu@cceb.upenn.edu>, <ietf-ssh@clinet.fi>
Subject: RE: ssh and root
Date: Fri, 14 Jul 2000 21:15:17 -0500
Message-ID: <NEBBLMFLEIGHCPMHMFCBGELHCBAA.calvinb@acm.org>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <396F70A4.FB70EA45@cceb.upenn.edu>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 427
Lines: 21

yes we do ...
		PermitRootLogin         no

Calvin Bebermeyer
2000-2001 MU-ACM Program Chair
calvinb@acm.org 

-----Original Message-----
From: owner-ietf-ssh@clinet.fi [mailto:owner-ietf-ssh@clinet.fi]On
Behalf Of Govind Vinjamuri
Sent: Friday, July 14, 2000 2:57 PM
To: ietf-ssh@clinet.fi
Subject: ssh nad root


Does anyone know the flag for disabling root ssh login? Thanks only if
you have a solution, just kidding.


Gov
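
A check for the directive given in the reply above, as an added example that is not part of either message. It assumes OpenSSH-style sshd_config semantics (case-insensitive keywords, first value wins, Match blocks override the global value); the sample configuration is constructed.

```python
import re

# Constructed sample, not taken from the thread: the reply's directive plus
# two ways it is commonly undone later in the same file.
SAMPLE_SSHD_CONFIG = """\
# constructed example configuration
Port 22
permitrootlogin no
# A later global line does not change the result: the first value wins.
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin = yes
Match User backup
    X11Forwarding no
"""


def parse_permit_root_login(config_text):
    """Return (global_value, [(match_criteria, value), ...]).

    Assumption: OpenSSH-style sshd_config rules. Keywords are
    case-insensitive, the first value obtained for a keyword is used, and a
    value inside a Match block overrides the global one for connections that
    match. Include files are not followed.
    """
    global_value = None
    overrides = []
    current_match = None      # criteria text of the Match block being read
    block_has_value = False   # first-value-wins also applies inside a block
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value", "Keyword=value" and "Keyword = value" are all accepted.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1]:
            continue
        keyword, argument = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            current_match, block_has_value = argument, False
        elif keyword == "permitrootlogin":
            value = argument.split()[0].strip('"').lower()
            if current_match is None:
                if global_value is None:
                    global_value = value
            elif not block_has_value:
                overrides.append((current_match, value))
                block_has_value = True
    return global_value, overrides


def root_login_findings(config_text):
    """List every place where root login is not explicitly set to 'no'."""
    findings = []
    global_value, overrides = parse_permit_root_login(config_text)
    if global_value is None:
        findings.append("global: PermitRootLogin not set, built-in default applies")
    elif global_value != "no":
        findings.append("global: PermitRootLogin %s" % global_value)
    for criteria, value in overrides:
        if value != "no":
            findings.append("Match %s: PermitRootLogin %s" % (criteria, value))
    return findings


if __name__ == "__main__":
    for finding in root_login_findings(SAMPLE_SSHD_CONFIG):
        print(finding)
```

On a live host, `sshd -T` prints the configuration the daemon actually resolved and is the authoritative source; the parser above is for reviewing a file offline.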

From owner-ietf-ssh@clinet.fi  Thu Jul 20 20:48:50 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id UAA18954
	for <msfriedl@cip.informatik.uni-erlangen.de>; Thu, 20 Jul 2000 20:48:49 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id UAA20904
	for <Markus.Friedl@informatik.uni-erlangen.de>; Thu, 20 Jul 2000 20:48:48 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id SAA24054
	for ietf-ssh-outgoing; Thu, 20 Jul 2000 18:58:09 +0300
Received: from snark.piermont.com (snark.piermont.com [206.1.51.10])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id SAA24050
	for <ietf-ssh@clinet.fi>; Thu, 20 Jul 2000 18:58:07 +0300
Received: by snark.piermont.com (Postfix, from userid 1000)
	id A34D31E00A4; Thu, 20 Jul 2000 11:58:05 -0400 (EDT)
From: "Perry E. Metzger" <perry@wasabisystems.com>
To: ietf-ssh@clinet.fi
Subject: New working group chair
Date: 20 Jul 2000 11:58:05 -0400
Message-ID: <87aefc23qq.fsf@snark.piermont.com>
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 840
Lines: 19


I'm pleased to announce that Bill Sommerfeld (sommerfeld@east.sun.com)
will be taking over from me as working group chair. As everyone has
doubtless noticed, the documents have been languishing for quite some
time. This has largely been because I've been too busy to devote
enough effort to pushing the work product out the door.

Many of you know Bill from his long time association with other IETF
working groups, especially in the security area. He is eminently
qualified for this role, both from the viewpoint of technical
expertise and temperament, and I'm very happy that he has agreed to
take on the task of seeing the working group through to completion.

Welcome aboard, Bill, and thanks for taking the baton!

--
Perry E. Metzger		perry@wasabisystems.com
--
Quality NetBSD Sales, Support & Service. http://www.wasabisystems.com/
From owner-ietf-ssh@clinet.fi  Thu Jul 20 21:39:06 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id VAA21836
	for <msfriedl@cip.informatik.uni-erlangen.de>; Thu, 20 Jul 2000 21:39:06 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id VAA24292
	for <Markus.Friedl@informatik.uni-erlangen.de>; Thu, 20 Jul 2000 21:39:06 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id UAA31162
	for ietf-ssh-outgoing; Thu, 20 Jul 2000 20:49:21 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id UAA31158
	for <ietf-ssh@clinet.fi>; Thu, 20 Jul 2000 20:49:20 +0300
Received: from eastmail1.East.Sun.COM ([129.148.1.240])
	by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id KAA02648
	for <ietf-ssh@clinet.fi>; Thu, 20 Jul 2000 10:48:58 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66])
	by eastmail1.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id NAA02594
	for <ietf-ssh@clinet.fi>; Thu, 20 Jul 2000 13:48:02 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1])
	by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6KHlfJ117017
	for <ietf-ssh@clinet.fi>; Thu, 20 Jul 2000 13:47:41 -0400 (EDT)
Message-Id: <200007201747.e6KHlfJ117017@thunk.east.sun.com>
From: Bill Sommerfeld <sommerfeld@east.sun.com>
To: ietf-ssh@clinet.fi
Subject: secsh meeting in pittsburgh: call for agenda items.
In-reply-to: Your message of "20 Jul 2000 11:58:05 EDT."
             <87aefc23qq.fsf@snark.piermont.com> 
Reply-to: sommerfeld@east.sun.com
Date: Thu, 20 Jul 2000 13:47:41 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1059
Lines: 31

As Perry mentioned, I've been persuaded to take over as working group
chair.

I've arranged for this working group to meet at the Pittsburgh IETF;
according to the current schedule, we'll be meeting Wednesday
afternoon at 1pm.

We need an agenda for the meeting, so I'll shortly be going through
back traffic to this mailing list looking for any open issues/problems
with the existing drafts.  If there are topics you believe should
be discussed in the meeting, please let me know; in the interests of
getting the core secsh documents moving again, priority will be given
to discussions of the existing drafts.

It is my hope that we can start the documents on their way through
last calls and on their way to the IESG shortly after the Pittsburgh
meeting.

Now would be a good time for folks to do a careful review of the four
existing drafts:

	draft-ietf-secsh-architecture-05.txt
	draft-ietf-secsh-transport-07.txt
	draft-ietf-secsh-userauth-07.txt
	draft-ietf-secsh-connect-07.txt

Please send comments to this list.

				Thanks for your time,

					- Bill
From owner-ietf-ssh@clinet.fi  Sun Jul 23 03:26:52 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id DAA15943
	for <msfriedl@cip.informatik.uni-erlangen.de>; Sun, 23 Jul 2000 03:26:51 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id DAA24996
	for <Markus.Friedl@informatik.uni-erlangen.de>; Sun, 23 Jul 2000 03:26:50 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id CAA22460
	for ietf-ssh-outgoing; Sun, 23 Jul 2000 02:22:08 +0300
Received: from asgard.tky.hut.fi (asgard.tky.hut.fi [130.233.29.146])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id CAA22455
	for <ietf-ssh@clinet.fi>; Sun, 23 Jul 2000 02:22:07 +0300
Received: (from sjl@localhost)
	by asgard.tky.hut.fi (8.9.3/8.9.3) id CAA25531;
	Sun, 23 Jul 2000 02:20:11 +0300
From: Sami Lehtinen <sjl@iki.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <14714.11307.410023.751051@asgard.tky.hut.fi>
Date: Sun, 23 Jul 2000 02:20:11 +0300 (EEST)
To: sommerfeld@east.sun.com
Cc: ietf-ssh@clinet.fi, ylo@ssh.fi
Subject: secsh meeting in pittsburgh: call for agenda items.
In-Reply-To: <200007201747.e6KHlfJ117017@thunk.east.sun.com>
References: <87aefc23qq.fsf@snark.piermont.com>
	<200007201747.e6KHlfJ117017@thunk.east.sun.com>
X-Mailer: VM 6.72 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 945
Lines: 24

Bill Sommerfeld, on July 20. 2000, wrote:
  : Now would be a good time for folks to do a careful review of the four
  : existing drafts:
  : 
  : 	draft-ietf-secsh-architecture-05.txt
  : 	draft-ietf-secsh-transport-07.txt
  : 	draft-ietf-secsh-userauth-07.txt
  : 	draft-ietf-secsh-connect-07.txt
  : 
  : Please send comments to this list.

As Markus Friedl, Niels Möller and I have already commented on this
list, I will be removing the unnecessary ``length'' fields from the
certificate and public key encoding. It will also be removed from the
encoded signature. This is because the signatures and public keys are
encoded as strings in all the messages where they are used.

This change will only affect the transport draft.

Regards,
-- 
[sjl@ssh.com          --  Sami J. Lehtinen  --           sjl@iki.fi]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]
From owner-ietf-ssh@clinet.fi  Mon Jul 24 01:34:46 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id BAA12014
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 01:34:45 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id BAA04695
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 01:34:43 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id AAA20889
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 00:40:20 +0300
Received: from inner.net (avarice.inner.net [199.33.248.2])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id AAA20886
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 00:40:17 +0300
Received: from mosquito ([216.52.8.30])
	by inner.net (8.7.6/8.9.3) with ESMTP id VAA19577;
	Sun, 23 Jul 2000 21:36:48 GMT
Message-Id: <4.2.0.58.20000723173237.0097b100@avarice.inner.net>
X-Sender: rja@avarice.inner.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Sun, 23 Jul 2000 17:35:49 -0400
To: Sami Lehtinen <sjl@iki.fi>
From: RJ Atkinson <rja@inet.org>
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Cc: ietf-ssh@clinet.fi, ylo@ssh.fi
In-Reply-To: <14714.11307.410023.751051@asgard.tky.hut.fi>
References: <200007201747.e6KHlfJ117017@thunk.east.sun.com>
 <87aefc23qq.fsf@snark.piermont.com>
 <200007201747.e6KHlfJ117017@thunk.east.sun.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 642
Lines: 18

At 19:20 22/07/00 , Sami Lehtinen wrote:

>As Markus Friedl, Niels Möller and I have already commented on this
>list, I will be removing the unnecessary ``length'' fields from the
>certificate and public key encoding. It will also be removed from the
>encoded signature. This is because the signatures and public keys are
>encoded as strings in all the messages where they are used.
>
>This change will only affect the transport draft.

Ought this not receive broader WG discussion before being made ?

At least in theory this is an open IETF standard, rather than
the private specification of SSH Communications Security... :-)

Ran
rja@inet.org

From owner-ietf-ssh@clinet.fi  Mon Jul 24 18:27:37 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id SAA18971
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 18:27:36 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id SAA10849
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 18:27:35 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id RAA16051
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 17:01:34 +0300
Received: from ssh.com (fw.hel.fi.ssh.com [193.64.193.124])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id RAA16047
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 17:01:33 +0300
Received: from torni.hel.fi.ssh.com (torni.hel.fi.ssh.com [10.1.0.43])
	by ssh.com (8.9.3/8.9.3/SSH-1.16) with ESMTP id RAA17276
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 17:01:33 +0300 (EEST)
Received: (from sshlist@localhost)
	by torni.hel.fi.ssh.com (8.9.3/8.9.3/SSH-1.17) id RAA23039
	for ietf-ssh@clinet.fi; Mon, 24 Jul 2000 17:01:33 +0300 (EET DST)
Received: (from ylo@localhost)
	by torni.hel.fi.ssh.com (8.9.3/8.9.3/SSH-1.17) id AAA16672;
	Mon, 24 Jul 2000 00:40:13 +0300 (EET DST)
Date: Mon, 24 Jul 2000 00:40:13 +0300 (EET DST)
Message-Id: <200007232140.AAA16672@torni.hel.fi.ssh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: Tatu Ylonen <ylo@ssh.com>
To: sommerfeld@east.sun.com
Cc: Sami Lehtinen <sjl@iki.fi>, ietf-ssh@clinet.fi
Subject: secsh meeting in pittsburgh: call for agenda items.
In-Reply-To: <14714.11307.410023.751051@asgard.tky.hut.fi>
References: <87aefc23qq.fsf@snark.piermont.com>
	<200007201747.e6KHlfJ117017@thunk.east.sun.com>
	<14714.11307.410023.751051@asgard.tky.hut.fi>
X-Mailer: VM 6.34 under Emacs 19.34.2
Organization: SSH Communications Security, Finland
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1263
Lines: 34

I'm writing a draft on Kerberos V5 support in SSH2, and would like to
have a short presentation/discussion on that at the meeting.

The general idea is very simple:

Two new authentication methods, "kerberos" and "kerberos-tgt", plus
allowing the user name passed in the authentication protocol to be in
the form "<user>@<realm>", in addition to just user name.

The "kerberos" method passes a "host" ticket, whereas the
"kerberos-tgt" passes a ticket granting ticket.  The only
method-specific field in the authentication packets is a string
containing the ticket.

If "user@realm" syntax is used for the user name, it should be mapped
to a local name.

The "password" method should also check for kerberos passwords.

If successfully authenticating using either "kerberos-tgt" or
"password" (using kerberos passwords), the ticket granting ticket
should be stored in the user's credentials cache (as if kinit had been
done for the user).


I should have the draft ready in a couple of days (or maybe even later
today), and I will send it to this list before the IETF.

    Tatu

-- 
SSH Communications Security           http://www.ssh.com/
SSH IPSEC Toolkit                     http://www.ipsec.com/
SSH(R) Secure Shell(TM)               http://www.ssh.com/ssh
From owner-ietf-ssh@clinet.fi  Mon Jul 24 19:00:12 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id TAA20774
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 19:00:11 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id TAA13392
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 19:00:10 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id RAA21009
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 17:45:41 +0300
Received: from inner.net (avarice.inner.net [199.33.248.2])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id RAA21004
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 17:45:37 +0300
Received: from mosquito ([216.52.8.30])
	by inner.net (8.7.6/8.9.3) with ESMTP id OAA20144;
	Mon, 24 Jul 2000 14:42:02 GMT
Message-Id: <4.2.0.58.20000724103533.0096f550@avarice.inner.net>
X-Sender: rja@avarice.inner.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Mon, 24 Jul 2000 10:41:29 -0400
To: RJ Atkinson <rja@inet.org>
From: RJ Atkinson <rja@inet.org>
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Cc: Sami Lehtinen <sjl@iki.fi>, ietf-ssh@clinet.fi, ylo@ssh.fi
In-Reply-To: <4.2.0.58.20000723173237.0097b100@avarice.inner.net>
References: <14714.11307.410023.751051@asgard.tky.hut.fi>
 <200007201747.e6KHlfJ117017@thunk.east.sun.com>
 <87aefc23qq.fsf@snark.piermont.com>
 <200007201747.e6KHlfJ117017@thunk.east.sun.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1642
Lines: 40


>At 19:20 22/07/00 , Sami Lehtinen wrote:
>
> >As Markus Friedl, Niels Möller and I have already commented on this
> >list, I will be removing the unnecessary ``length'' fields from the
> >certificate and public key encoding. It will also be removed from the
> >encoded signature. This is because the signatures and public keys are
> >encoded as strings in all the messages where they are used.
> >
> >This change will only affect the transport draft.

         I'll try again and maybe be more clear.  

         Various folks (including my employer and its myriad
customers) have already SHIPPED and DEPLOYED SSHv2, therefore 
changing the protocol on the wire is highly undesirable at
this point in time.  If we are merely sending data that isn't
needed, but is not actually incorrect or harmful, we probably
ought not be changing the spec (and thereby removing what
interoperability exists at present).  

         There are more than 3 implementers at this point, 
so ALL changes ought to go through a normal IETF "propose to 
the mailing list", "list discusses proposal", then "document 
is changed if and only if  there is clear consensus to make 
the change" process.

         Generally speaking, the goal at this point ought to be
to AVOID changing the protocol, though updating documents to
reflect the as-built, as-shipped, as-deployed protocol would
obviously be useful and a good thing.  If there is a specific
flaw in the currently specified protocol, then that ought to
be outlined before the WG (as a whole, not one or two individuals)
so the group collective can figure out how to proceed.

         All IMHO.

Ran
rja@inet.org

From owner-ietf-ssh@clinet.fi  Mon Jul 24 18:59:55 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id SAA20702
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 18:59:55 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id SAA13338
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 18:59:54 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id RAA21293
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 17:49:46 +0300
Received: from asgard.tky.hut.fi (asgard.tky.hut.fi [130.233.29.146])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id RAA21290
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 17:49:45 +0300
Received: (from sjl@localhost)
	by asgard.tky.hut.fi (8.9.3/8.9.3) id RAA27000;
	Mon, 24 Jul 2000 17:47:48 +0300
From: Sami Lehtinen <sjl@iki.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14716.22292.55071.340992@asgard.tky.hut.fi>
Date: Mon, 24 Jul 2000 17:47:48 +0300 (EEST)
To: Tatu Ylonen <ylo@ssh.com>
Cc: RJ Atkinson <rja@inet.org>, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
In-Reply-To: <200007232156.AAA18723@torni.hel.fi.ssh.com>
References: <200007201747.e6KHlfJ117017@thunk.east.sun.com>
	<87aefc23qq.fsf@snark.piermont.com>
	<14714.11307.410023.751051@asgard.tky.hut.fi>
	<4.2.0.58.20000723173237.0097b100@avarice.inner.net>
	<200007232156.AAA18723@torni.hel.fi.ssh.com>
X-Mailer: VM 6.72 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 863
Lines: 18

Tatu Ylonen, on July 24. 2000, wrote:
[length field in signatures and certificate/public key encoding]
  : > Ought this not receive broader WG discussion before being made ?
  : > 
  : > At least in theory this is an open IETF standard, rather than
  : > the private specification of SSH Communications Security... :-)
  : 
  : Markus is working on OpenSSH, and Niels is doing the GNU LSH
  : implementation.  Neither of them works for SSH Communications
  : Security.  In any case, this *is* the secsh WG mailing list... :-)

Also, the change has already been discussed here at length. If you
(RJ) have differing views, please post them to the list.

-- 
[sjl@ssh.com          --  Sami J. Lehtinen  --           sjl@iki.fi]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]
From owner-ietf-ssh@clinet.fi  Mon Jul 24 23:08:49 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id XAA02876
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 23:08:48 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id XAA00994
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 23:08:42 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id VAA07213
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 21:51:35 +0300
Received: from ssh.com (fw.hel.fi.ssh.com [193.64.193.124])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id VAA07210
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 21:51:34 +0300
Received: from torni.hel.fi.ssh.com (torni.hel.fi.ssh.com [10.1.0.43])
	by ssh.com (8.9.3/8.9.3/SSH-1.16) with ESMTP id VAA27419
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 21:51:34 +0300 (EEST)
Received: (from sshlist@localhost)
	by torni.hel.fi.ssh.com (8.9.3/8.9.3/SSH-1.17) id VAA28582
	for ietf-ssh@clinet.fi; Mon, 24 Jul 2000 21:51:34 +0300 (EET DST)
Received: (from sjl@localhost)
	by asgard.tky.hut.fi (8.9.3/8.9.3) id RAA27009;
	Mon, 24 Jul 2000 17:58:58 +0300
From: Sami Lehtinen <sjl@iki.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14716.22962.521316.19481@asgard.tky.hut.fi>
Date: Mon, 24 Jul 2000 17:58:58 +0300 (EEST)
To: RJ Atkinson <rja@inet.org>
Cc: ietf-ssh@clinet.fi, ylo@ssh.com
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
In-Reply-To: <4.2.0.58.20000724103533.0096f550@avarice.inner.net>
References: <14714.11307.410023.751051@asgard.tky.hut.fi>
	<200007201747.e6KHlfJ117017@thunk.east.sun.com>
	<87aefc23qq.fsf@snark.piermont.com>
	<4.2.0.58.20000724103533.0096f550@avarice.inner.net>
X-Mailer: VM 6.72 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1879
Lines: 38

RJ Atkinson, on July 24. 2000, wrote:
  :          Various folks (including my employer and its myriad
  : customers) have already SHIPPED and DEPLOYED SSHv2, therefore 
  : changing the protocol on the wire is highly undesirable at
  : this point in time.  If we are merely sending data that isn't
  : needed, but is not actually incorrect or harmful, we probably
  : ought not be changing the spec (and thereby removing what
  : interoperability exists at present).  
  :
  :          There are more than 3 implementers at this point, 
  : so ALL changes ought to go through a normal IETF "propose to 
  : the mailing list", "list discusses proposal", then "document 
  : is changed if and only if  there is clear consensus to make 
  : the change" process.

These have already been established, though I don't know whether you
have access to those messages. The change hasn't yet been made, as
the responsible person for this change (=me) was on vacation.

  :          Generally speaking, the goal at this point ought to be
  : to AVOID changing the protocol, though updating documents to
  : reflect the as-built, as-shipped, as-deployed protocol would
  : obviously be useful and a good thing.  If there is a specific
  : flaw in the currently specified protocol, then that ought to
  : be outlined before the WG (as a whole, not one or two individuals)
  : so the group collective can figure out how to proceed.

Okay, let's see. LSH and OpenSSH and our SSH implementation (from
v.2.2.0) follow the more "logical" style, i.e. the length field is
omitted.

That means, if the draft isn't changed, at least 3 implementors will
have to change their implementation.

-- 
[sjl@ssh.com          --  Sami J. Lehtinen  --           sjl@iki.fi]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]
From owner-ietf-ssh@clinet.fi  Mon Jul 24 19:09:54 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id TAA21425
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 19:09:54 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id TAA14064
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 19:09:53 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id SAA22626
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 18:06:12 +0300
Received: from inner.net (avarice.inner.net [199.33.248.2])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id SAA22621
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 18:06:10 +0300
Received: from mosquito ([216.52.8.30])
	by inner.net (8.7.6/8.9.3) with ESMTP id PAA20220;
	Mon, 24 Jul 2000 15:02:36 GMT
Message-Id: <4.2.0.58.20000724105942.00973bf0@avarice.inner.net>
X-Sender: rja@avarice.inner.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Mon, 24 Jul 2000 11:02:01 -0400
To: Sami Lehtinen <sjl@iki.fi>
From: RJ Atkinson <rja@inet.org>
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Cc: ietf-ssh@clinet.fi
In-Reply-To: <14716.22292.55071.340992@asgard.tky.hut.fi>
References: <200007232156.AAA18723@torni.hel.fi.ssh.com>
 <200007201747.e6KHlfJ117017@thunk.east.sun.com>
 <87aefc23qq.fsf@snark.piermont.com>
 <14714.11307.410023.751051@asgard.tky.hut.fi>
 <4.2.0.58.20000723173237.0097b100@avarice.inner.net>
 <200007232156.AAA18723@torni.hel.fi.ssh.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 658
Lines: 20

At 10:47 24/07/00 , Sami Lehtinen wrote:

>Also, the change has already been discussed here at length. If you
>(RJ) have differing views, please post them to the list.

         I'll assume that those emails didn't reach me due to some
SMTP weirdness.  Any road, I haven't seen them.  I've forgotten
where the list archive lives, maybe someone can throw me a clue
privately ? :-)

         I do object to changing the protocol on the wire because
it adversely impacts what interoperability exists at present.

         I have commit access to an SSHv2 implementation that has 
already shipped and is in daily (hourly ?) use by customers.

Ran
rja@inet.org


From owner-ietf-ssh@clinet.fi  Mon Jul 24 19:26:05 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id TAA22435
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 19:26:05 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id TAA15387
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 19:26:03 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id SAA23894
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 18:22:29 +0300
Received: from inner.net (avarice.inner.net [199.33.248.2])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id SAA23891
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 18:22:27 +0300
Received: from mosquito ([216.52.8.30])
	by inner.net (8.7.6/8.9.3) with ESMTP id PAA20258;
	Mon, 24 Jul 2000 15:18:57 GMT
Message-Id: <4.2.0.58.20000724111450.009e7c30@avarice.inner.net>
X-Sender: rja@avarice.inner.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Mon, 24 Jul 2000 11:18:25 -0400
To: Sami Lehtinen <sjl@iki.fi>
From: RJ Atkinson <rja@inet.org>
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Cc: ietf-ssh@clinet.fi
In-Reply-To: <14716.22962.521316.19481@asgard.tky.hut.fi>
References: <4.2.0.58.20000724103533.0096f550@avarice.inner.net>
 <14714.11307.410023.751051@asgard.tky.hut.fi>
 <200007201747.e6KHlfJ117017@thunk.east.sun.com>
 <87aefc23qq.fsf@snark.piermont.com>
 <4.2.0.58.20000724103533.0096f550@avarice.inner.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 859
Lines: 24

At 10:58 24/07/00 , Sami Lehtinen wrote:

>Okay, let's see. LSH and OpenSSH and our SSH implementation (from
>v.2.2.0) follow the more "logical" style, i.e. the length field is
>omitted.
>
>That means, if the draft isn't changed, at least 3 implementors will
>have to change their implementation.

I'll rescind the objection if this is merely changing the
document to reflect the majority of the running code 
(as the above seems to indicate).  This was not clear in
earlier comments that I have seen.

Given that I'm not receiving all of the notes from the list
and my other correspondents aren't indicating that they are
having trouble reaching me, maybe we could migrate the list over 
to ietf.org ?  This would also have the side-effect of making
the list auto-archived with the archive accessible via web
from www.ietf.org.  Reactions ?

Ran
rja@inet.org

From owner-ietf-ssh@clinet.fi  Mon Jul 24 19:42:26 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id TAA23066
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 19:42:25 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id TAA16561
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 19:42:24 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id SAA25141
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 18:39:24 +0300
Received: from naughty.monkey.org (IDENT:smtp@naughty.monkey.org [63.77.239.20])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id SAA25136
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 18:39:22 +0300
Received: by naughty.monkey.org (Postfix, from userid 1001)
	id C5633108686; Mon, 24 Jul 2000 11:39:20 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by naughty.monkey.org (Postfix) with ESMTP
	id C2300107740; Mon, 24 Jul 2000 11:39:20 -0400 (EDT)
Date: Mon, 24 Jul 2000 11:39:20 -0400 (EDT)
From: Dug Song <dugsong@monkey.org>
To: Tatu Ylonen <ylo@ssh.com>
Cc: sommerfeld@east.sun.com, Sami Lehtinen <sjl@iki.fi>, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
In-Reply-To: <200007232140.AAA16672@torni.hel.fi.ssh.com>
Message-ID: <Pine.BSO.4.20.0007241126400.16831-100000@naughty.monkey.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 552
Lines: 19

On Mon, 24 Jul 2000, Tatu Ylonen wrote:

> I'm writing a draft on Kerberos V5 support in SSH2, and would like to
> have a short presentation/discussion on that at the meeting.

quick question - has any consideration been given to GSS as an
authentication mechanism for SSH2? this is how krb5 support is
actually implemented in FTP (via SASL), RPC (via RPCSEC_GSS), etc.

the Globus folks have a GSS patch for ssh-1.2.27, if you're interested in
how this might work:

	ftp://ftp.ncsa.uiuc.edu/aces/gssapi-ssh/

-d.

---
http://www.monkey.org/~dugsong/

From owner-ietf-ssh@clinet.fi  Mon Jul 24 20:42:59 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id UAA25748
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 20:42:58 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id UAA20846
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 20:42:57 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id TAA28899
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 19:26:14 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id TAA28887
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 19:26:13 +0300
Received: from eastmail1.East.Sun.COM ([129.148.1.240])
	by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id JAA21537;
	Mon, 24 Jul 2000 09:25:55 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66])
	by eastmail1.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id MAA18003;
	Mon, 24 Jul 2000 12:23:07 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1])
	by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6OGMjS100462;
	Mon, 24 Jul 2000 12:22:45 -0400 (EDT)
Message-Id: <200007241622.e6OGMjS100462@thunk.east.sun.com>
From: Bill Sommerfeld <sommerfeld@east.sun.com>
To: Sami Lehtinen <sjl@iki.fi>
cc: "Richard E. Silverman" <slade@shore.net>,
        SECSH Discussion List <ietf-ssh@clinet.fi>
Subject: Re: "ssh-rsa" public-key type 
In-reply-to: Your message of "Sat, 17 Jun 2000 02:36:45 +0300."
             <14666.47629.645249.255747@asgard.tky.hut.fi> 
Reply-to: sommerfeld@east.sun.com
Date: Mon, 24 Jul 2000 12:22:45 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 801
Lines: 23

> "ssh-rsa" is supposed to be added to the draft as soon as the patent
> expires.

There's no particular reason to do this; certainly the patent issues
have not stopped other wg's from publishing specs for how to use RSA
encryption/signatures.

As far as I'm concerned, the time to add this to the draft is right
now.  

Even if you're concerned about patent issues, given the built-in time
delays in the last-calls, IESG queue, and RFC Editor queue, etc., etc.
if we were to start the WG last-call on the documents right now,
there's no way they'd be published as RFC's until after the patent
expiration.

If the final spec differs from existing practice, we may need to
change the name of the "ssh-rsa" to avoid interoperability problems
with existing implementations.

Other opinions?

					- Bill
From owner-ietf-ssh@clinet.fi  Mon Jul 24 23:15:19 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id XAA03359
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 23:15:19 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id XAA01582
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 23:15:18 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id VAA07377
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 21:52:24 +0300
Received: from ssh.com (fw.hel.fi.ssh.com [193.64.193.124])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id VAA07371
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 21:52:23 +0300
Received: from torni.hel.fi.ssh.com (torni.hel.fi.ssh.com [10.1.0.43])
	by ssh.com (8.9.3/8.9.3/SSH-1.16) with ESMTP id VAA27428
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 21:52:23 +0300 (EEST)
Received: (from sshlist@localhost)
	by torni.hel.fi.ssh.com (8.9.3/8.9.3/SSH-1.17) id VAA28463
	for ietf-ssh@clinet.fi; Mon, 24 Jul 2000 21:52:23 +0300 (EET DST)
Received: from anl.gov (apollo.ctd.anl.gov [146.137.96.39]) by achilles.ctd.anl.gov (8.9.1a/8.9.1) with ESMTP id NAA24787; Mon, 24 Jul 2000 13:07:28 -0500 (CDT)
Message-ID: <397C85D1.EA497FF3@anl.gov>
Date: Mon, 24 Jul 2000 13:07:13 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
Reply-To: deengert@anl.gov
Organization: Argonne National Laboratory
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Tatu Ylonen <ylo@ssh.com>
CC: sommerfeld@east.sun.com, Sami Lehtinen <sjl@iki.fi>, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
References: <87aefc23qq.fsf@snark.piermont.com>
	        <200007201747.e6KHlfJ117017@thunk.east.sun.com>
	        <14714.11307.410023.751051@asgard.tky.hut.fi> <200007232140.AAA16672@torni.hel.fi.ssh.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 2010
Lines: 59



Tatu Ylonen wrote:
> 
> I'm writing a draft on Kerberos V5 support in SSH2, and would like to
> have a short presentation/discussion on that at the meeting.


Have you also considered a GSSAPI authentication, rather than Kerberos
directly? (We talked briefly at the RSA conference last spring on this.)

Would you also like to say a few words at the new Kerberos WG on
Wednesday 1530? Let me know if you would. 


> 
> The general idea is very simple:
> 
> Two new authentication methods, "kerberos" and "kerberos-tgt", plus
> allowing the user name passed in the authentication protocol to be in
> the form "<user>@<realm>", in addition to just user name.
> 
> The "kerberos" method passes a "host" ticket, whereas the
> "kerberos-tgt" passes a ticket granting ticket.  The only
> method-specific field in the authentication packets is a string
> containing the ticket.
> 
> If "user@realm" syntax is used for the user name, it should be mapped
> to a local name.
> 
> The "password" method should also check for kerberos passwords.
> 
> If successfully authenticating using either "kerberos-tgt" or
> "password" (using kerberos passwords), the ticket granting ticket
> should be stored in the user's credentials cache (as if kinit had been
> done for the user).
> 
> I should have the draft ready in a couple of days (or maybe even later
> today), and I will send it to this list before the IETF.
> 
>     Tatu
> 
> --
> SSH Communications Security           http://www.ssh.com/
> SSH IPSEC Toolkit                     http://www.ipsec.com/
> SSH(R) Secure Shell(TM)               http://www.ssh.com/ssh
> 
>                   Jeffrey Altman * Sr.Software Designer
>                  The Kermit Project * Columbia University
>                612 West 115th St * New York, NY * 10025 * USA
>      http://www.kermit-project.org/ * kermit-support@kermit-project.org

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
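
[Added example, not part of the original message and not taken from the Kerberos draft, whose text does not appear in this thread: a server-side parse of a "kerberos"/"kerberos-tgt" authentication request and the "<user>@<realm>" to local-name mapping described in the quoted proposal. Assumptions: the packet uses the generic SSH_MSG_USERAUTH_REQUEST layout of the SSH user authentication protocol with one ticket string appended; map_to_local, its default-realm rule, and the sample ticket bytes are hypothetical.]

```python
import re
import struct

SSH_MSG_USERAUTH_REQUEST = 50                 # userauth message number
KRB_METHODS = {"kerberos", "kerberos-tgt"}    # method names quoted in the thread
LOCAL_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
SAMPLE_TICKET = b"\x6e\x82constructed-ticket-bytes"   # constructed, not a real ticket


def put_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def get_string(buf: bytes, off: int):
    """Read one SSH string at off; refuse lengths that overrun the packet."""
    if len(buf) - off < 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise ValueError("string length exceeds packet")
    return buf[off:off + n], off + n


def build_request(user: str, method: str, ticket: bytes) -> bytes:
    """Client side: user name, service, method, then the ticket string
    (assumed layout; the ticket is the only method-specific field)."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST])
            + put_string(user.encode("utf-8"))
            + put_string(b"ssh-connection")
            + put_string(method.encode("ascii"))
            + put_string(ticket))


def parse_request(payload: bytes) -> dict:
    """Server side: strict parse; any malformed field raises ValueError."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a userauth request")
    user, off = get_string(payload, 1)
    service, off = get_string(payload, off)
    method, off = get_string(payload, off)
    method_s = method.decode("ascii")
    if method_s not in KRB_METHODS:
        raise ValueError("not a Kerberos method")
    ticket, off = get_string(payload, off)
    if not ticket:
        raise ValueError("empty ticket")
    if off != len(payload):
        raise ValueError("trailing bytes after ticket")
    return {"user": user.decode("utf-8"), "service": service.decode("ascii"),
            "method": method_s, "ticket": ticket}


def map_to_local(user_name: str, default_realm: str, explicit_map: dict) -> str:
    """Map 'user' or 'user@realm' to a local account name.

    The realm is never simply stripped: a principal from a foreign realm
    maps to a local account only through an explicit table entry, so
    alice@OTHER.EXAMPLE cannot become local 'alice' by accident.
    """
    principal, sep, realm = user_name.rpartition("@")
    if not sep:
        local = user_name                       # plain user name, no realm
    elif not principal or not realm:
        raise PermissionError("malformed user@realm")
    elif (principal, realm) in explicit_map:
        local = explicit_map[(principal, realm)]
    elif realm == default_realm:                # realms compare case-sensitively
        local = principal
    else:
        raise PermissionError("no mapping for realm " + realm)
    # Instances such as alice/admin, or odd characters, never reach the
    # account lookup.
    if not LOCAL_NAME.fullmatch(local):
        raise PermissionError("unacceptable local name")
    return local


if __name__ == "__main__":
    pkt = build_request("alice@EXAMPLE.ORG", "kerberos", SAMPLE_TICKET)
    req = parse_request(pkt)
    print(req["method"], "->", map_to_local(req["user"], "EXAMPLE.ORG", {}))
```

The mapping covers only the name; the ticket itself still has to be verified with the server's own service key before the mapped name is trusted.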
From owner-ietf-ssh@clinet.fi  Mon Jul 24 23:13:44 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id XAA03254
	for <msfriedl@cip.informatik.uni-erlangen.de>; Mon, 24 Jul 2000 23:13:43 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id XAA01538
	for <Markus.Friedl@informatik.uni-erlangen.de>; Mon, 24 Jul 2000 23:13:42 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id VAA07886
	for ietf-ssh-outgoing; Mon, 24 Jul 2000 21:58:01 +0300
Received: from citi.umich.edu (citi.umich.edu [141.211.92.141])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id VAA07881
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 21:57:59 +0300
Received: from citi.umich.edu (ssh-mapper.citi.umich.edu [141.211.92.147])
	by citi.umich.edu (Postfix) with ESMTP
	id B1DE3207C1; Mon, 24 Jul 2000 14:57:52 -0400 (EDT)
Subject: Re: secsh meeting in pittsburgh: call for agenda items. 
From: Niels Provos <provos@citi.umich.edu>
In-Reply-To: Bill Sommerfeld, Thu, 20 Jul 2000 13:47:41 EDT
To: sommerfeld@east.sun.com
Cc: ietf-ssh@clinet.fi
Date: Mon, 24 Jul 2000 14:57:52 -0400
Message-Id: <20000724185752.B1DE3207C1@citi.umich.edu>
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 493
Lines: 13

In message <200007201747.e6KHlfJ117017@thunk.east.sun.com>, Bill Sommerfeld writes:
>We need an agenda for the meeting, so I'll shortly be going through
>back traffic to this mailing list looking for any open issues/problems
Markus Friedl, Bill Simpson and I authored a draft on

 "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"

It is available as draft-provos-secsh-dh-group-exchange-00.txt, and
we would like the working group to consider it.

Regards,
 Niels Provos.
From owner-ietf-ssh@clinet.fi  Tue Jul 25 02:38:04 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id CAA11234
	for <msfriedl@cip.informatik.uni-erlangen.de>; Tue, 25 Jul 2000 02:38:04 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id CAA11881
	for <Markus.Friedl@informatik.uni-erlangen.de>; Tue, 25 Jul 2000 02:38:03 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id BAA19327
	for ietf-ssh-outgoing; Tue, 25 Jul 2000 01:36:21 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id BAA19324
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 01:36:19 +0300
Received: from eastmail2.East.Sun.COM ([129.148.1.241])
	by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA23324
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 15:36:17 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66])
	by eastmail2.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id SAA23719
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 18:36:16 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1])
	by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6OMZsS100807
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 18:35:54 -0400 (EDT)
Message-Id: <200007242235.e6OMZsS100807@thunk.east.sun.com>
From: Bill Sommerfeld <sommerfeld@east.sun.com>
To: ietf-ssh@clinet.fi
Subject: multiple implementations..
In-reply-to: Your message of "Mon, 24 Jul 2000 10:41:29 EDT."
             <4.2.0.58.20000724103533.0096f550@avarice.inner.net> 
Reply-to: sommerfeld@east.sun.com
Date: Mon, 24 Jul 2000 18:35:54 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 774
Lines: 19

{working group chair hat on}:

while this isn't the case for the change which sparked this (there
appears to be consensus that the proposed change to delete the
duplicate length field is appropriate), I'll underline what Ran just
said:

   There are more than 3 implementers at this point, 
   so ALL changes ought to go through a normal IETF "propose to 
   the mailing list", "list discusses proposal", then "document 
   is changed if and only if  there is clear consensus to make 
   the change" process.

I am personally aware of several other sshv2 implementations besides
the 3 everyone knows about (SSH, Inc, LSH, and openssh).  I'm sure
there are others; it would be useful to hear from other SSHv2 protocol
implementors if they have something to say..

				- Bill
From owner-ietf-ssh@clinet.fi  Tue Jul 25 02:39:16 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id CAA11252
	for <msfriedl@cip.informatik.uni-erlangen.de>; Tue, 25 Jul 2000 02:39:16 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id CAA11897
	for <Markus.Friedl@informatik.uni-erlangen.de>; Tue, 25 Jul 2000 02:39:15 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id BAA19417
	for ietf-ssh-outgoing; Tue, 25 Jul 2000 01:38:50 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id BAA19414
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 01:38:49 +0300
Received: from eastmail2.East.Sun.COM ([129.148.1.241])
	by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA24347;
	Mon, 24 Jul 2000 15:38:41 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66])
	by eastmail2.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id SAA24120;
	Mon, 24 Jul 2000 18:38:40 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1])
	by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6OMcIS100825;
	Mon, 24 Jul 2000 18:38:18 -0400 (EDT)
Message-Id: <200007242238.e6OMcIS100825@thunk.east.sun.com>
From: Bill Sommerfeld <sommerfeld@east.sun.com>
To: Tatu Ylonen <ylo@ssh.com>
cc: sommerfeld@east.sun.com, Sami Lehtinen <sjl@iki.fi>, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items. 
In-reply-to: Your message of "Mon, 24 Jul 2000 00:40:13 +0300."
             <200007232140.AAA16672@torni.hel.fi.ssh.com> 
Reply-to: sommerfeld@east.sun.com
Date: Mon, 24 Jul 2000 18:38:18 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 318
Lines: 9

> I should have the draft ready in a couple of days (or maybe even later
> today), and I will send it to this list before the IETF.

Since we're already past the internet-drafts deadline for this
meeting, there's no need to go to extreme lengths to rush this out the
door before the pittsburgh meeting..

					- Bill

From owner-ietf-ssh@clinet.fi  Tue Jul 25 07:09:08 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id HAA25347
	for <msfriedl@cip.informatik.uni-erlangen.de>; Tue, 25 Jul 2000 07:09:08 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id HAA22055
	for <Markus.Friedl@informatik.uni-erlangen.de>; Tue, 25 Jul 2000 07:09:07 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id GAA30914
	for ietf-ssh-outgoing; Tue, 25 Jul 2000 06:13:24 +0300
Received: from taka.swcp.com (taka.swcp.com [198.59.115.12])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id GAA30910
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 06:13:22 +0300
Received: from viper2 (dpm4-04.swcp.com [204.134.5.197])
	by taka.swcp.com (8.10.0.Beta12/8.10.0.Beta12) with SMTP id e6P3J7H06950
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 21:19:07 -0600 (MDT)
Message-ID: <000401bff5e8$a4261440$0201a8c0@vandyke.com>
From: "Jeff P. Van Dyke" <jpv@vandyke.com>
To: <ietf-ssh@clinet.fi>
References: <200007201747.e6KHlfJ117017@thunk.east.sun.com>
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Date: Mon, 24 Jul 2000 21:29:58 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 739
Lines: 33

Bill Sommerfeld, on July 20. 2000, wrote:
> Now would be a good time for folks to do a careful review of the four
> existing drafts:
> 
> draft-ietf-secsh-architecture-05.txt
> draft-ietf-secsh-transport-07.txt
> draft-ietf-secsh-userauth-07.txt
> draft-ietf-secsh-connect-07.txt

draft-ietf-secsh-connect-07.txt currently includes a reference to
SSH-AGENT:

  4.4.  Authentication Agent Forwarding

  It is RECOMMENDED that authentication agent forwarding is allowed even
  when either or both parties do not support the SSH authentication agent
  protocol [SSH-AGENT].


Does this document exist?

If so, where can I download a copy?

If not, what are the current plans to address this?

Thank you.

Jeff P. Van Dyke
jpv@vandyke.com




From owner-ietf-ssh@clinet.fi  Tue Jul 25 07:53:07 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id HAA27820
	for <msfriedl@cip.informatik.uni-erlangen.de>; Tue, 25 Jul 2000 07:53:07 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id HAA24332
	for <Markus.Friedl@informatik.uni-erlangen.de>; Tue, 25 Jul 2000 07:52:57 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id GAA32303
	for ietf-ssh-outgoing; Tue, 25 Jul 2000 06:51:44 +0300
Received: from taka.swcp.com (taka.swcp.com [198.59.115.12])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id GAA32300
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 06:51:43 +0300
Received: from viper2 (dpm4-04.swcp.com [204.134.5.197])
	by taka.swcp.com (8.10.0.Beta12/8.10.0.Beta12) with SMTP id e6P3vSH13234
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 21:57:28 -0600 (MDT)
Message-ID: <009001bff5ed$ff93bdf0$0201a8c0@vandyke.com>
From: "Jeff P. Van Dyke" <jpv@vandyke.com>
To: <ietf-ssh@clinet.fi>
References: <200007241622.e6OGMjS100462@thunk.east.sun.com>
Subject: Re: "ssh-rsa" public-key type 
Date: Mon, 24 Jul 2000 22:08:19 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 939
Lines: 31

> > "ssh-rsa" is supposed to be added to the draft as soon as the patent
> > expires.
>
> There's no particular reason to do this; certainly the patent issues
> have not stopped other wg's from publishing specs for how to use RSA
> encryption/signatures.
> 
> As far as I'm concerned, the time to add this to the draft is right
> now.  
> 
> Even if you're concerned about patent issues, given the built-in time
> delays in the last-calls, IESG queue, and RFC Editor queue, etc., etc.
> if we were to start the WG last-call on the documents right now,
> there's no way they'd be published as RFC's until after the patent
> expiration.
> 
> If the final spec differs from existing practice, we may need to
> change the name of the "ssh-rsa" to avoid interoperability problems
> with existing implementations.
> 
> Other opinions?

I would like to see "ssh-rsa" added to the next revision of the
draft.

Jeff P. Van Dyke
jpv@vandyke.com




From owner-ietf-ssh@clinet.fi  Tue Jul 25 10:31:47 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id KAA05551
	for <msfriedl@cip.informatik.uni-erlangen.de>; Tue, 25 Jul 2000 10:31:46 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id KAA06833
	for <Markus.Friedl@informatik.uni-erlangen.de>; Tue, 25 Jul 2000 10:31:45 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id IAA04987
	for ietf-ssh-outgoing; Tue, 25 Jul 2000 08:23:53 +0300
Received: from nimbus.anzio.com (IDENT:ras@nimbus.anzio.com [204.201.253.34])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id IAA04981
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 08:23:51 +0300
Received: from localhost (ras@localhost)
	by nimbus.anzio.com (8.8.7/8.8.7) with ESMTP id WAA01562
	for <ietf-ssh@clinet.fi>; Mon, 24 Jul 2000 22:22:06 -0700
Date: Mon, 24 Jul 2000 22:22:05 -0700 (PDT)
From: Bob Rasmussen <ras@anzio.com>
To: ietf-ssh@clinet.fi
Subject: Getting started with SSH
Message-ID: <Pine.LNX.4.21.0007242217410.1344-100000@nimbus.anzio.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 667
Lines: 24

Greetings,

Since I'm about to dive headlong into SSH, I wonder if some of you folks could
answer a couple of basic questions:

1. Is the SSH protocol 1 published anywhere, online or on paper?

2. Where is information about this meeting in Pittsburgh?

3. Would anyone care to summarize the status of trademark, patent, copyright,
etc. issues re. version 1; version 2?

Thanks in advance.

-- 
Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras@anzio.com
 company e-mail: rsi@anzio.com 
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com         

From owner-ietf-ssh@clinet.fi  Tue Jul 25 19:37:27 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id TAA24313
	for <msfriedl@cip.informatik.uni-erlangen.de>; Tue, 25 Jul 2000 19:37:27 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id TAA24150
	for <Markus.Friedl@informatik.uni-erlangen.de>; Tue, 25 Jul 2000 19:37:26 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id SAA13109
	for ietf-ssh-outgoing; Tue, 25 Jul 2000 18:19:41 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id SAA13104
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 18:19:36 +0300
Received: from eastmail1.East.Sun.COM ([129.148.1.240])
	by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id IAA12184
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 08:19:25 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66])
	by eastmail1.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id LAA13453;
	Tue, 25 Jul 2000 11:19:21 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1])
	by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6PFIxS101060;
	Tue, 25 Jul 2000 11:18:59 -0400 (EDT)
Message-Id: <200007251518.e6PFIxS101060@thunk.east.sun.com>
From: Bill Sommerfeld <sommerfeld@east.sun.com>
To: "Jeff P. Van Dyke" <jpv@vandyke.com>
cc: ietf-ssh@clinet.fi
Subject: authentication agent forwarding.
In-reply-to: Your message of "Mon, 24 Jul 2000 21:29:58 MDT."
             <000401bff5e8$a4261440$0201a8c0@vandyke.com> 
Reply-to: sommerfeld@east.sun.com
Date: Tue, 25 Jul 2000 11:18:58 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 918
Lines: 26

> draft-ietf-secsh-connect-07.txt currently includes a reference to
> SSH-AGENT:
> 
>   4.4.  Authentication Agent Forwarding
> 
>   It is RECOMMENDED that authentication agent forwarding is allowed even
>   when either or both parties do not support the SSH authentication agent
>   protocol [SSH-AGENT].

Good catch.  There's also a reference to agent forwarding in the
architecture draft.

>From a process standpoint, we cannot have unresolved external
references in the document..  this reference needs to be resolved, or
the references removed from the documents, before they can be
advanced into the standards track.

My personal opinion is that there should be a fifth draft to describe
the SSHv2 authentication agent forwarding protocol, plus external
references to the SSHv1 agent protocol.

> If not, what are the current plans to address this?

The document editors will need to answer this.

					- Bill
From owner-ietf-ssh@clinet.fi  Wed Jul 26 18:41:43 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id SAA21190
	for <msfriedl@cip.informatik.uni-erlangen.de>; Wed, 26 Jul 2000 18:41:43 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id SAA26409
	for <Markus.Friedl@informatik.uni-erlangen.de>; Wed, 26 Jul 2000 18:41:42 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id RAA01963
	for ietf-ssh-outgoing; Wed, 26 Jul 2000 17:18:40 +0300
Received: from ssh.com (fw.hel.fi.ssh.com [193.64.193.124])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id RAA01957
	for <ietf-ssh@clinet.fi>; Wed, 26 Jul 2000 17:18:40 +0300
Received: from torni.hel.fi.ssh.com (torni.hel.fi.ssh.com [10.1.0.43])
	by ssh.com (8.9.3/8.9.3/SSH-1.16) with ESMTP id RAA12386
	for <ietf-ssh@clinet.fi>; Wed, 26 Jul 2000 17:18:40 +0300 (EEST)
Received: (from sshlist@localhost)
	by torni.hel.fi.ssh.com (8.9.3/8.9.3/SSH-1.17) id RAA29872
	for ietf-ssh@clinet.fi; Wed, 26 Jul 2000 17:18:39 +0300 (EET DST)
Received: (from jhm@localhost)
	by picard.cistron.nl (8.9.3/8.9.3/Debian 8.9.3-6) id SAA01511
	for ietf-ssh@clinet.fi; Tue, 25 Jul 2000 18:48:43 +0200
Date: Tue, 25 Jul 2000 18:48:43 +0200
From: "J.H.M. Dassen (Ray)" <jhm@cistron.nl>
To: ietf-ssh@clinet.fi
Subject: Re: Getting started with SSH
Message-ID: <20000725184843.A647@cistron.nl>
Mail-Followup-To: ietf-ssh@clinet.fi
References: <Pine.LNX.4.21.0007242217410.1344-100000@nimbus.anzio.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.0.1i
In-Reply-To: <Pine.LNX.4.21.0007242217410.1344-100000@nimbus.anzio.com>; from ras@anzio.com on Mon, Jul 24, 2000 at 10:22:05PM -0700
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1652
Lines: 40

On Mon, Jul 24, 2000 at 22:22:05 -0700, Bob Rasmussen wrote:
> Since I'm about to dive headlong into SSH, I wonder if some of you folks
> could answer a couple of basic questions:
> 
> 1. Is the SSH protocol 1 published anywhere, online or on paper?

The SSH1 source, e.g. OpenSSH's, includes a draft protocol in nroff format.

> 3. Would anyone care to summarize the status of trademark, patent,
> copyright, etc. issues re. version 1; version 2?

Please distinguish between the protocol and the implementation.

Depending on your location, there may be patent issues regarding the RSA
and IDEA algorithms used by SSH1. (RSA is primarily a problem in the US;
IDEA primarily in Europe). The SSH2 protocol has been designed so as not to
require use of patented algorithms (IIRC, it requires Diffie-Hellman rather
than RSA and an unencumbered block cipher (3DES?) rather than IDEA).

The copyright status varies per implementation: neither SSH1 nor SSH2 are
free software (in the Debian/GNU/OpenSource sense). 

OpenSSH is a free software implementation of the SSH1 protocol for Un*x
systems that has recently been modified to handle the SSH2 protocol as well. 

lsh is a free software implementation of the SSH2 protocol for Un*x systems.

PuTTY is a free software implementation of the SSH1 protocol for MS-Windows
systems.

There are several other implementations; I'm unfamiliar with their licensing
terms.

HTH,
Ray
-- 
UNFAIR  Term applied to advantages enjoyed by other people which we tried 
to cheat them out of and didn't manage. See also DISHONESTY, SNEAKY, 
UNDERHAND and JUST LUCKY I GUESS.     
    - The Hipcrime Vocab by Chad C. Mulligan  
From owner-ietf-ssh@clinet.fi  Tue Jul 25 23:59:49 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id XAA06067
	for <msfriedl@cip.informatik.uni-erlangen.de>; Tue, 25 Jul 2000 23:59:49 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id XAA10338
	for <Markus.Friedl@informatik.uni-erlangen.de>; Tue, 25 Jul 2000 23:59:43 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id WAA27622
	for ietf-ssh-outgoing; Tue, 25 Jul 2000 22:36:38 +0300
Received: from gungnir.fnal.gov (gungnir.fnal.gov [131.225.80.1])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id WAA27619
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 22:36:34 +0300
Received: from gungnir.fnal.gov (localhost [127.0.0.1])
	by gungnir.fnal.gov (8.9.1/8.9.1) with ESMTP id OAA25809;
	Tue, 25 Jul 2000 14:36:19 -0500 (CDT)
Message-Id: <200007251936.OAA25809@gungnir.fnal.gov>
To: Tatu Ylonen <ylo@ssh.com>
Cc: sommerfeld@east.sun.com, Sami Lehtinen <sjl@iki.fi>, ietf-ssh@clinet.fi
From: "Matt Crawford" <crawdad@fnal.gov>
Subject: Re: secsh meeting in pittsburgh: call for agenda items. 
In-reply-to: Your message of Mon, 24 Jul 2000 00:40:13 +0300.
             <200007232140.AAA16672@torni.hel.fi.ssh.com> 
Date: Tue, 25 Jul 2000 14:36:18 -0500
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1149
Lines: 26


> The "kerberos" method passes a "host" ticket, whereas the
> "kerberos-tgt" passes a ticket granting ticket.  The only
> method-specific field in the authentication packets is a string
> containing the ticket.

OK, I'm stumped.  How does the ssh server check the validity of a
TGT?  By getting a host ticket for itself from the KDC?  Then it must
have a service principal.  And if it has that, why not just require
the client to get the host-specific service ticket first?  It already
had to do a TGS exchange with the KDC in order to "forward" the TGT.

It looks like you're encouraging the client to pass its credential to
a server it can't have authenticated (by Kerberos) yet.

> If successfully authenticating using either "kerberos-tgt" or
> "password" (using kerberos passwords), the ticket granting ticket
> should be stored in the user's credentials cache (as if kinit had been
> done for the user).

Can't you provide a way for the client to *optionally* forward its
TGT after mutual client-server authentication has been done?

				Matt Crawford
(Now I'll have to look at the ietf-ssh archive to see if this has
already been answered.)
From owner-ietf-ssh@clinet.fi  Wed Jul 26 01:10:06 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id BAA09741
	for <msfriedl@cip.informatik.uni-erlangen.de>; Wed, 26 Jul 2000 01:10:06 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id BAA14040
	for <Markus.Friedl@informatik.uni-erlangen.de>; Wed, 26 Jul 2000 01:10:05 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id XAA31746
	for ietf-ssh-outgoing; Tue, 25 Jul 2000 23:50:33 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id XAA31734
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 23:50:31 +0300
Received: from eastmail1.East.Sun.COM ([129.148.1.240])
	by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA29912
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 13:50:29 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66])
	by eastmail1.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id QAA01027
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 16:50:28 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1])
	by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6PKo6S103405
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 16:50:06 -0400 (EDT)
Message-Id: <200007252050.e6PKo6S103405@thunk.east.sun.com>
From: Bill Sommerfeld <sommerfeld@east.sun.com>
To: ietf-ssh@clinet.fi
Subject: we now have a mail archive.
Reply-to: sommerfeld@east.sun.com
Date: Tue, 25 Jul 2000 16:50:06 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 398
Lines: 13

This WG has been without a mailing list archive for a while; this has
now been corrected.

Posts to this list sent on or after 21 July 2000 are now archived in
files within:

	ftp://ftp.ietf.org/ietf-mail-archive/secsh/

If anyone has been privately archiving the list, I'd appreciate it if
you can make your archive available so that we can fill in the history
of the group.  Thanks.

					- Bill
From owner-ietf-ssh@clinet.fi  Wed Jul 26 03:10:54 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id DAA13518
	for <msfriedl@cip.informatik.uni-erlangen.de>; Wed, 26 Jul 2000 03:10:53 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id DAA18970
	for <Markus.Friedl@informatik.uni-erlangen.de>; Wed, 26 Jul 2000 03:10:52 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id BAA05439
	for ietf-ssh-outgoing; Wed, 26 Jul 2000 01:54:33 +0300
Received: from folly.informatik.uni-erlangen.de (muedi6-212-144-216-028.arcor-ip.net [212.144.216.28])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id BAA05432
	for <ietf-ssh@clinet.fi>; Wed, 26 Jul 2000 01:54:20 +0300
Received: by folly.informatik.uni-erlangen.de (Postfix, from userid 31451)
	id 0283314C9; Wed, 26 Jul 2000 00:49:58 +0200 (CEST)
Date: Wed, 26 Jul 2000 00:49:58 +0200
From: Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
To: RJ Atkinson <rja@inet.org>
Cc: Sami Lehtinen <sjl@iki.fi>, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items.
Message-ID: <20000726004958.E25606@folly.informatik.uni-erlangen.de>
References: <200007232156.AAA18723@torni.hel.fi.ssh.com> <200007201747.e6KHlfJ117017@thunk.east.sun.com> <87aefc23qq.fsf@snark.piermont.com> <14714.11307.410023.751051@asgard.tky.hut.fi> <4.2.0.58.20000723173237.0097b100@avarice.inner.net> <200007232156.AAA18723@torni.hel.fi.ssh.com> <14716.22292.55071.340992@asgard.tky.hut.fi> <4.2.0.58.20000724105942.00973bf0@avarice.inner.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="z6Eq5LdranGa6ru8"
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 1.0.1i
In-Reply-To: <4.2.0.58.20000724105942.00973bf0@avarice.inner.net>; from rja@inet.org on Mon, Jul 24, 2000 at 11:02:01AM -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 4829
Lines: 138


--z6Eq5LdranGa6ru8
Content-Type: text/plain; charset=us-ascii

On Mon, Jul 24, 2000 at 11:02:01AM -0400, RJ Atkinson wrote:
>          I do object to changing the protocol on the wire because
> it adversely impacts what interoperability exists at present.

i don't consider this a 'change of the protocol on the wire'.
the current draft is just ambiguous and inconsistent, see
my previous e-mail.

-markus

--z6Eq5LdranGa6ru8
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Date: Mon, 22 May 2000 00:13:41 +0200
From: Markus Friedl <markus>
To: =?iso-8859-1?Q?Niels_M=F6ller?= <nisse@lysator.liu.se>
Cc: ietf-ssh@clinet.fi, psst@net.lut.ac.uk, Sami Lehtinen <sjl@iki.fi>,
	niels@openbsd.org, deraadt@openbsd.org
Subject: Re: ssh-dss signatures
Message-ID: <20000522001341.A360@folly.informatik.uni-erlangen.de>
References: <nnzopjir9g.fsf@sture.lysator.liu.se>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 1.0.1i
In-Reply-To: <nnzopjir9g.fsf@sture.lysator.liu.se>; from nisse@lysator.liu.se on Sun, May 21, 2000 at 10:26:35PM +0200

Hello,

On Sun, May 21, 2000 at 10:26:35PM +0200, Niels Möller wrote:
> Sami Lehtinen notified me of a bug in LSH's implementation of ssh-dss
> signatures. As I would like to have my interpretation of the spec
> confirmed, and as I suspect that also openssh may have the same
> problem (as it manages to interoperate with LSH), I'm writing to the
> WG list.
> 
> The transport draft, draft-ietf-secsh-transport-07.txt, defines an
> ssh-dss signature as
> 
>   uint32    length
>   string    "ssh-dss"
>   string    dss_signature_blob

The first field is omitted by OpenSSH as well as by SecureCRT
and from my experiments with other implementations of SSH2
it seems that ssh-2.1.0 and ssh-2.0.13 both omit everything but
	 dss_signature_blob
not even the size of the dss_signature_blob is included.

IMHO, the redundant field
	uint32    length
seems inconsistent with the overall design of all other
parts of the SSH2 specification so I would strongly support
the change of the signature specification to

	string    "ssh-dss"
	string    dss_signature_blob

Moreover, from reading the drafts now again it seems to me that the
above mentioned (redundant) uint32 length is identical to the uint32
length field from the "string signature of H".

Similar to this is the definition for "ssh-dss" from the same
transport draft:

	uint32    length
	string    "ssh-dss"
	mpint     p
	mpint     q
	mpint     g
	mpint     y

In all implementations that I could test (ssh-2.1.0, ssh-2.0.13,
lsh, SecureCRT, OpenSSH) the specified (redundant) length field is
_never_ sent across the wire.  e.g., in SSH_MSG_KEXDH_REPLY length
field from the string
	string    K_S, the host key
is again identical to the length field from the "ssh-dss" definition.

> The problem is the first field, which LSH omits. The signature is used
> for instance inside the SSH_MSG_KEXDH_REPLY message,
> 
>   byte      SSH_MSG_KEXDH_REPLY
>   string    server public host key and certificates (K_S)
>   mpint     f
>   string    signature of H
> 
> In LSH, this message looks something like this:
> 
>   SSH_MSG_KEXDH_REPLY (byte)
>   length of host key  (uint32)
>   host key data (byte array)
>   length of f
>   digits of f
> * length of signature (i.e. all below) 
>   7 (length of "ssh-dss")
>   "ssh-dss" (7 bytes)
>   length of signature blob (usually 40, and always even)
>   r digits (usually 20 bytes)
>   s digits (usually 20 bytes, but always the same length as for r)

This is the same encoding OpenSSH generates and expects.
SecureCRT expects the same format and it seems consistent
with their overall design (there is never an explicit length
field, only 'string'-type data has length fields).

And again: I would strongly favour the removal of the
redundant length fields from the drafts since:
	1) They are not useful at all. Why should n bytes of data
	   be encoded as: 
		uint32	n+4
		uint32	n
		n bytes data
	2) There is no public implementation of the drafts that includes
	   the redundant length field so
	3) Requiring the length field breaks all public implementations
	   of the drafts. This would hurt the acceptance of SSH2 much,
	   since it adds yet another layer of incompatibility.

> The extra length field is totally redundant here (and I believe it is
> equally redundant in all other places where an ssh-dss signature is
> used). I'm about to add it in LSH now, in order to comply with the
> draft, but I would also like the WG to give some consideration to
> removing the redundant length field in the definition of the ssh-dss
> signature.

As I said before, I see no reason why the length field is in the
drafts and I even think it refers to the length field from the
string encoding.

-markus

--z6Eq5LdranGa6ru8--
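
The three ssh-dss signature encodings compared in the message above, as an added example (not code from OpenSSH, LSH or any poster on this list): an encoder for each layout and a strict parser that tells them apart and rejects lengths that do not match the data. The function names, the form labels "named", "draft" and "bare", and the r and s values a caller supplies are assumptions made for illustration.

```python
import struct
SIG_NAME = b"ssh-dss"
BLOB_LEN = 40  # r || s, 20 bytes each, as in the quoted LSH layout

def ssh_string(data: bytes) -> bytes:  # SSH 'string': uint32 length, then bytes
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Read one 'string' at off; never trust the length beyond the buffer."""
    if len(buf) - off < 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if n > len(buf) - off - 4:
        raise ValueError("length exceeds remaining data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def encode_sig(r: int, s: int, form: str) -> bytes:
    """Payload carried inside 'string signature of H' (form labels are hypothetical)."""
    blob = r.to_bytes(20, "big") + s.to_bytes(20, "big")
    named = ssh_string(SIG_NAME) + ssh_string(blob)
    return {"named": named,                                   # string name, string blob
            "draft": struct.pack(">I", len(named)) + named,  # extra uint32 length first
            "bare": blob}[form]                               # dss_signature_blob only

def _split(blob: bytes):
    if len(blob) != BLOB_LEN:
        raise ValueError("unexpected blob length")
    return int.from_bytes(blob[:20], "big"), int.from_bytes(blob[20:], "big")

def _parse_named(buf: bytes):
    name, off = read_string(buf, 0)
    if name != SIG_NAME:
        raise ValueError("not an ssh-dss signature")
    blob, off = read_string(buf, off)
    if off != len(buf):
        raise ValueError("trailing bytes after blob")
    return _split(blob)

def classify_sig(payload: bytes):
    """Return (form, r, s); reject anything that matches none of the three."""
    if len(payload) == BLOB_LEN:
        return ("bare",) + _split(payload)
    try:
        return ("named",) + _parse_named(payload)
    except ValueError:
        inner, off = read_string(payload, 0)  # outer uint32 must cover the rest exactly
        if off != len(payload):
            raise ValueError("trailing bytes after signature")
        return ("draft",) + _parse_named(inner)
```

Wrapping the "draft" payload with ssh_string() puts two length fields that differ by exactly 4 back to back, which is the n+4 / n redundancy the message objects to.
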
From owner-ietf-ssh@clinet.fi  Wed Jul 26 03:31:40 2000
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from faui45.informatik.uni-erlangen.de (root@faui45.informatik.uni-erlangen.de [131.188.34.45])
	by faui02.informatik.uni-erlangen.de (8.9.1/8.1.16-FAU) with ESMTP id DAA14538
	for <msfriedl@cip.informatik.uni-erlangen.de>; Wed, 26 Jul 2000 03:31:40 +0200 (MET DST)
Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7])
	by faui45.informatik.uni-erlangen.de (8.9.1/8.1.49-FAU) with ESMTP id DAA19730
	for <Markus.Friedl@informatik.uni-erlangen.de>; Wed, 26 Jul 2000 03:31:39 +0200 (MET DST)
Received: (from majordom@localhost)
	by mail.clinet.fi (8.9.3/8.9.3) id CAA06865
	for ietf-ssh-outgoing; Wed, 26 Jul 2000 02:19:49 +0300
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id CAA06862
	for <ietf-ssh@clinet.fi>; Wed, 26 Jul 2000 02:19:47 +0300
Received: from eastmail1.East.Sun.COM ([129.148.1.240])
	by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id QAA00684
	for <ietf-ssh@clinet.fi>; Tue, 25 Jul 2000 16:19:43 -0700 (PDT)
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66])
	by eastmail1.East.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id TAA24340;
	Tue, 25 Jul 2000 19:19:36 -0400 (EDT)
Received: from thunk.east.sun.com (localhost [127.0.0.1])
	by thunk.east.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6PNJDS103611;
	Tue, 25 Jul 2000 19:19:13 -0400 (EDT)
Message-Id: <200007252319.e6PNJDS103611@thunk.east.sun.com>
From: Bill Sommerfeld <sommerfeld@east.sun.com>
To: Niels Provos <provos@citi.umich.edu>
cc: sommerfeld@east.sun.com, ietf-ssh@clinet.fi
Subject: Re: secsh meeting in pittsburgh: call for agenda items. 
In-reply-to: Your message of "Mon, 24 Jul 2000 14:57:52 EDT."
             <20000724185752.B1DE3207C1@citi.umich.edu> 
Reply-to: sommerfeld@east.sun.com
Date: Tue, 25 Jul 2000 19:19:13 -0400
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1001
Lines: 24

> Markus Friedl, Bill Simpson and I authored a draft on
> 
>  "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"
> 
> It is available as draft-provos-secsh-dh-group-exchange-00.txt, and
> we would like the working group to consider it.

The document starts with the statement:

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026, except that the right to
   produce derivative works is not granted.

Given that derivative works may not be produced, this document cannot
form the basis of a potential standards track document, and it would
thus not be appropriate to devote meeting time to discussing it.

If there is other interest in this area, I can set aside some time for
general discussion of DH parameter negotiation within the SSHv2
protocol, but unless you and your co-authors agree to change this
clause in your document, someone else will have to write a new draft
which is not derived from yours.

					- Bill
