"Matthijs R. Koot" <[email protected]> writes:

>A low-complexity alternative to SSH seems useful and might perhaps allow
>validation by formal methods...

Funny you should mention that, I suggested this to someone recently because
it's something that's never been formally analysed and is likely an easy
target for finding holes because of its baroque complexity (the draft points
to some possible attack vectors in the "Rationale" sections, I'm sure there
are plenty more).

>Is the unpublished draft open to the public?

You can get it from http://www.cs.auckland.ac.nz/~pgut001/pubs/simplessh.txt
(several people have asked about it, so I've posted it online). The abstract
is:

  The widespread adoption of SSH has seen the emergence of numerous SSH
  implementations, but also numerous interoperability problems among many of
  the non-mainstream versions. This problem arises because the complexity
  and in places ambiguity of the specification makes it possible to create
  specification-compliant but non-interoperable implementations, and is
  exacerbated by the fact that in many cases where SSH is used, for example
  for the control interface of an embedded device or a Windows file transfer
  facility, the developers are required to implement a specification
  designed to provide a full-blown Unix VPN solution even though in their
  case they'll never use the majority of its facilities. This document
  describes a simplified profile of SSH that provides a standard minimal
  feature set for use in applications that just require a basic no-frills
  secure channel from A to B, building on a decade of SSH implementation
  experience to avoid known problem areas in the SSH protocol. As a
  side-effect this minimal profile reduces the large attack surface of SSH
  to a more manageable level by eliminating much of the complexity in the
  protocol.

Peter.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
