Minutes IETF121: sshm: Thu 15:30
minutes-121-sshm-202411071530-00
Meeting Minutes | Secure Shell Maintenance (sshm) WG | |
---|---|---|
Date and time | 2024-11-07 15:30 | |
Title | Minutes IETF121: sshm: Thu 15:30 | |
State | Active | |
Other versions | markdown | |
Last updated | 2024-11-07 |
SSHM WG @ IETF-121
Chairs
- Job Snijders
- Stephen Farrell
Agenda
- Chairs - Working Group Modus Operandi
- Damien Miller - SSH Agent Protocol
- Theo de Raadt - Deprecating ciphers
- Any Other Business?
No presentations this time:
- ntruprime
- PQ-KE
Administrivia and Modus Operandi
Slides:
https://datatracker.ietf.org/doc/slides-121-sshm-sshm-chair-slides/
- Job presented proposed modus operandi as part of chair slides
- asked room if ok, some positive reaction, no objection (so far:-)
- Bob: does a private fork count as an imlplementation?
- Job: yes, but... up to the WG/chairs/IESG if it's sufficient
-
Damien:
- broadly agree with chair modus operandi suggestion
- wrt Bob's question, oqs-openssh may be an example
-
Rich:
- try make it easy for commenters and e.g. include a pointer for
feedback in I-D - discourage direct email to authors, get stuff to the list
- try make it easy for commenters and e.g. include a pointer for
-
Deb:
- it's possible to make a github org if desired
draft-miller-ssh-agent
Slides:
https://datatracker.ietf.org/doc/slides-121-sshm-ssh-agent-protocol/
- been around 20 years, we're documenting existing stuff
- Who's read it: 2 people
- Stephen: do we want to encourage extensions in this I-D or...?
- Damien: depends, something useful & implemented, let's have the
conversation - Damien: should this be informational or? We should ask WG
-
Tero:
- go for PS
- he'd like an extension to limit the keys here if possible
("agent-restrict")
-
Damien: would like to see that standardised but would like to see
someone else implement it first - Stephen: Tero would you ask on the list if it'd make sense to add
that? - Tero: will do
-
Mitchell:
- Implementer from HPN-SSH
- we may have a 2nd impmentation of this ("soft-fork" of openssh)
- will read, excited about h/w key support
- complicated question about 3-host setup and if private key can
leave agent
-
Damien: No, agents don't expose private key itself but it can be
used - Mitchell: interested in ways to reduce trust in intermediaries
- Tero: wrt >1 implementation, there's the IETF meaning (independent
implementers from spec), 2nd one considers widely depployed e.g. in
different forks - Stephen: next steps?
- Damien: got a few comments to be included, ask list about RFC
status, not much else controversial mostly static so could be quick
Deprecating Ciphers
Various prople chatting and maybe good if the WG start chatting about
removing older ciphers. Plans is implementers get together to see what's
already been removed, then document that set as things to
uncontroversially remove. 3DES is on that list.
If anyone wants to be involved in that discussion, contact Theo.
Also need to discuss, how to remove - servers and clients may differ in
this. Some people still want SSH client to use to login to 20 year old
device. So we may end up with lists that differ from IANA's e.g.
something between permit and refuse.
Quendi site mentioned earlier won't work for this, it's good for new
things/ciphers but doesn't get updated so well when things are removed.
Tero:
- IPsec-me has done this kind of thing, maybe can copy that approach?
- He recommends not removing from code, but disabling so can be turned
on via config, or you may force fallback to telnet.
Theo: will take look but let's do it incrementall
Damien:
- like this as it makes things simpler
- removal can help upstream crypto libraries do the same
- recognises pain caused by old devices using old crypto but some pain
justified by removal of footguns, esp on server side
Rich:
- makes sense, good to do it in steps
- good to have different criteria for clients/servers
- would like to help
Tobias:
- wants to disagree a bit about keeping more old stuff in clients
Theo:
- debian have client versions with old features, but those end up with
code-rot and don't pick up non-cipher bug-fixes, not clear that overall
works
Mitchell:
- support deprecating old stuff, but has embedded old expensive n/w
gear that only supports deprecated ciphers, he can handle that but maybe
not everyone can, so not entirely sold on the idea of full removal
- it is ok to break automation and scripts, maybe see if primary
implementations would distribute e.g. ssh-legacy binaries, but is it
feasible?
- does keeping old ciphers add maintenance burder for ciphers
Bob:
- yes it is
Damien:
- the old server case and the better-than-nothing argument: if the
server hasn't been updated in 20 years, they probably have non-crypto
bugs galore so maybe it's not safe in many ways
Tobias:
- agrees with Damien's comment above
Mitchell:
- old gear he mentioned isn't on public Internet (phew:-) and telnet
wasn't an option
Deb:
- is there a way to do clients so not everything is installed all the
time
Theo:
- our client has all old stuff linked in but has to be specifically
turned on to a thing we won't fall back to
- actual removal would help upstream crypto libraries though
- maybe even remove old codepoints from IANA registries?
Bob:
- considered the interaction beween who supports what, question is how
long to try suppoort the long-tail of clients
Damien:
- turning off in server maybe less feasible - if something is in
client, you still need to test it in server
Joseph:
- from the operator perspective - 5 years ago we still had a switch
that was telnet only, now we're ssh only - if you remove things from
client we need to do lots more testing of client updates
Theo:
- we'll be conservative
other drafts
- no presenters for ntru or mlkem today
AOB
Tero:
- what version of file transfer draft to use? take to the list