SSHM WG @ IETF-121

Chairs

Agenda

No presentations this time:

Administrivia and Modus Operandi

Slides:
https://datatracker.ietf.org/doc/slides-121-sshm-sshm-chair-slides/

draft-miller-ssh-agent

Slides:
https://datatracker.ietf.org/doc/slides-121-sshm-ssh-agent-protocol/

Deprecating Ciphers

Various prople chatting and maybe good if the WG start chatting about
removing older ciphers. Plans is implementers get together to see what's
already been removed, then document that set as things to
uncontroversially remove. 3DES is on that list.

If anyone wants to be involved in that discussion, contact Theo.

Also need to discuss, how to remove - servers and clients may differ in
this. Some people still want SSH client to use to login to 20 year old
device. So we may end up with lists that differ from IANA's e.g.
something between permit and refuse.

Quendi site mentioned earlier won't work for this, it's good for new
things/ciphers but doesn't get updated so well when things are removed.

Tero:
- IPsec-me has done this kind of thing, maybe can copy that approach?
- He recommends not removing from code, but disabling so can be turned
on via config, or you may force fallback to telnet.
Theo: will take look but let's do it incrementall
Damien:
- like this as it makes things simpler
- removal can help upstream crypto libraries do the same
- recognises pain caused by old devices using old crypto but some pain
justified by removal of footguns, esp on server side
Rich:
- makes sense, good to do it in steps
- good to have different criteria for clients/servers
- would like to help
Tobias:
- wants to disagree a bit about keeping more old stuff in clients
Theo:
- debian have client versions with old features, but those end up with
code-rot and don't pick up non-cipher bug-fixes, not clear that overall
works
Mitchell:
- support deprecating old stuff, but has embedded old expensive n/w
gear that only supports deprecated ciphers, he can handle that but maybe
not everyone can, so not entirely sold on the idea of full removal
- it is ok to break automation and scripts, maybe see if primary
implementations would distribute e.g. ssh-legacy binaries, but is it
feasible?
- does keeping old ciphers add maintenance burder for ciphers
Bob:
- yes it is
Damien:
- the old server case and the better-than-nothing argument: if the
server hasn't been updated in 20 years, they probably have non-crypto
bugs galore so maybe it's not safe in many ways
Tobias:
- agrees with Damien's comment above
Mitchell:
- old gear he mentioned isn't on public Internet (phew:-) and telnet
wasn't an option
Deb:
- is there a way to do clients so not everything is installed all the
time
Theo:
- our client has all old stuff linked in but has to be specifically
turned on to a thing we won't fall back to
- actual removal would help upstream crypto libraries though
- maybe even remove old codepoints from IANA registries?
Bob:
- considered the interaction beween who supports what, question is how
long to try suppoort the long-tail of clients
Damien:
- turning off in server maybe less feasible - if something is in
client, you still need to test it in server
Joseph:
- from the operator perspective - 5 years ago we still had a switch
that was telnet only, now we're ssh only - if you remove things from
client we need to do lots more testing of client updates
Theo:
- we'll be conservative

other drafts

AOB

Tero:
- what version of file transfer draft to use? take to the list