From owner-freebsd-security Sun Jan 2 11:46:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hellohost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 6871A14DC1; Sun, 2 Jan 2000 11:46:53 -0800 (PST) (envelope-from green@FreeBSD.org)
Date: Sun, 2 Jan 2000 14:46:49 -0500 (EST)
From: Brian Fundakowski Feldman
X-Sender: green@green.dyndns.org
To: Markus Friedl
Cc: David Rankin, "Michael H. Warfield", Dug Song, security@FreeBSD.org, openssh-unix-dev@mindrot.org
Subject: Re: OpenSSH protocol 1.6 proposal
In-Reply-To: <20000102151208.A21548@folly.informatik.uni-erlangen.de>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 2 Jan 2000, Markus Friedl wrote:

> On Sun, Jan 02, 2000 at 06:15:48AM -0500, David Rankin wrote:
> > Speaking completely without facts, I am personally skeptical about
> > enhancing the 1.x protocol when all of the standards processes are
> > focused on getting 2.0 out the door. That said, I am willing to be
> > convinced on the matter.
>
> i have put the latest revisions of my SSH 1.6 patches to
> http://wwwcip.informatik.uni-erlangen.de/~msfriedl/openssh/

My concern here is, how much does it convolute the code? I believe that
it's probably not as useful to make the old SSH 1.X protocol as infinitely
more secure as it is useful to make OpenSSH support the 2.X protocol.

>
> basically they consist of:
> (1) CRC is replaced with hmac-sha1 + sequence-numbers. the bytes
>     needed for the hmac-key are taken from the shared session-key

I really don't see why we should need sequence numbers if we do a
continuous SHA-1 hash of the entire stream. Are you proposing just one use
per SHA_CTX, each packet having its own independent hash and sequence
number?
> (2) authentication for parameters passed in the clear: the session-id
>     is extended from
>         session_id := MD5 (host_key_n |session_key_n|cookie);
>     to
>         session_id := MD5 (host_key_n |session_key_n|
>                            supported_ciphers|supported_authentications|
>                            client_flags|server_flags|
>                            client_version_string|server_version_string|
>                            cookie);

That does sound better, although I wouldn't know how much better than
before.

>
> and yes, having openssh speak SSH-2.0 would be nice.
> mail me if you are interested in helping implement 2.0.

Of course!

>
> -markus
>

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
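
Added illustration of the per-packet question raised in this thread (not part of either message and not code from the OpenSSH patches): when every packet carries its own independent HMAC-SHA1 tag, it is the sequence number in the MAC input that lets the receiver reject replayed or reordered packets. The 32-bit implicit counter, the constructed key, the sample payloads and the function names are assumptions of this sketch, not the SSH 1.6 wire format.

```python
import hashlib
import hmac
import struct

# Constructed sample key. In the proposal the HMAC key bytes come from the
# shared session key; how they are derived is not shown in the thread.
MAC_KEY = bytes(range(20))
MSGS = [b"open channel", b"channel data", b"close channel"]  # constructed


def mac(key, seq, payload, use_seq):
    # Assumption: a 32-bit big-endian counter is MACed but never transmitted.
    prefix = struct.pack(">I", seq & 0xFFFFFFFF) if use_seq else b""
    return hmac.new(key, prefix + payload, hashlib.sha1).digest()


def seal(key, seq, payload, use_seq=True):
    """Sender side: payload followed by its own independent 20-byte tag."""
    return payload + mac(key, seq, payload, use_seq)


class Receiver:
    def __init__(self, key, use_seq=True):
        self.key, self.use_seq, self.seq, self.alive = key, use_seq, 0, True

    def accept(self, packet):
        """Return the payload, or None once any tag has failed to verify."""
        payload, tag = packet[:-20], packet[-20:]
        expected = mac(self.key, self.seq, payload, self.use_seq)
        if not (self.alive and hmac.compare_digest(tag, expected)):
            self.alive = False  # treat a MAC failure as fatal for the session
            return None
        self.seq += 1
        return payload


def deliver(order, use_seq):
    """Seal MSGS in order, then hand them to a fresh receiver in `order`."""
    pkts = [seal(MAC_KEY, i, m, use_seq) for i, m in enumerate(MSGS)]
    rx = Receiver(MAC_KEY, use_seq)
    return [rx.accept(pkts[i]) for i in order]


if __name__ == "__main__":
    for use_seq in (False, True):
        print("with seq" if use_seq else "no seq",
              {"replay": deliver([0, 1, 1], use_seq),
               "reorder": deliver([0, 2, 1], use_seq)})
```

Without the counter, the replayed and reordered streams verify packet by packet; with it, the first out-of-place packet fails and the receiver stops accepting data.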