From owner-freebsd-security  Sun Jan  2  6:12:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from folly.informatik.uni-erlangen.de (muedi43-145-253-165-004.arcor-ip.net [145.253.165.4])
	by hub.freebsd.org (Postfix) with ESMTP
	id 57D2F14A2F; Sun,  2 Jan 2000 06:12:14 -0800 (PST)
	(envelope-from markus.friedl@informatik.uni-erlangen.de)
Received: by folly.informatik.uni-erlangen.de (Postfix, from userid 31451)
	id 91FE0B98; Sun,  2 Jan 2000 15:12:09 +0100 (CET)
Date: Sun, 2 Jan 2000 15:12:08 +0100
From: Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
To: David Rankin <drankin@bohemians.lexington.ky.us>
Cc: Brian Fundakowski Feldman <green@FreeBSD.org>,
	"Michael H. Warfield" <mhw@wittsend.com>,
	Dug Song <dugsong@monkey.org>, security@FreeBSD.org,
	openssh-unix-dev@mindrot.org
Subject: Re: OpenSSH protocol 1.6 proposal
Message-ID: <20000102151208.A21548@folly.informatik.uni-erlangen.de>
References: <20000101235721.A15256@alcove.wittsend.com> <Pine.BSF.4.10.10001020047520.36184-100000@green.dyndns.org> <20000102061545.A1691@rumpole.bohemians.lexington.ky.us>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.7i
In-Reply-To: <20000102061545.A1691@rumpole.bohemians.lexington.ky.us>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Jan 02, 2000 at 06:15:48AM -0500, David Rankin wrote:
> Speaking completely without facts, I am personally skeptical about
> enhancing the 1.x protocol when all of the standards processes are
> focused on getting 2.0 out the door. That said, I am willing to be
> convinced on the matter.

i have put the latest revisions of my SSH 1.6 patches to
	http://wwwcip.informatik.uni-erlangen.de/~msfriedl/openssh/

basically they consist of:
(1) CRC is replaced with hmac-sha1 + sequence-numbers. the bytes
    needed for the hmac-key are taken from the shared session-key
(2) authentication for parameters passed in the clear: the session-id
    is extended from
   session_id := MD5 (host_key_n |session_key_n|cookie);
to
   session_id := MD5 (host_key_n |session_key_n|
       supported_ciphers|supported_authentications|
       client_flags|server_flags|
       client_version_string|server_version_string|
       cookie);

and yes, having openssh speak SSH-2.0 would be nice.
mail me if you are interested in helping implement 2.0.

-markus


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message