Re: ISMS working group and charter problems

To: j.schoenwaelder at iu-bremen.de, Sam Hartman <hartmans-ietf at mit.edu>
Subject: Re: ISMS working group and charter problems
From: Jeffrey Hutzelman <jhutz at cmu.edu>
Date: Thu, 08 Sep 2005 17:36:02 -0400
Cc: IETF Discussion <ietf at ietf.org>
In-reply-to: <20050908211508.GA28818@boskop.local>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <200509081520.IAA02206@cisco.com> <00a101c5b49c$5e913680$0601a8c0@pc6> <tslirxbnyqz.fsf@cz.mit.edu> <20050908200547.GA25650@boskop.local> <tslvf1bmgx4.fsf@cz.mit.edu> <20050908211508.GA28818@boskop.local>
Sender: ietf-bounces at ietf.org

On Thursday, September 08, 2005 11:15:08 PM +0200 Juergen Schoenwaelder <j.schoenwaelder at iu-bremen.de> wrote:

On Thu, Sep 08, 2005 at 04:40:55PM -0400, Sam Hartman wrote:

Authentication is sometimes symmetric; it is not in the case of
passwords.  For authentication methods like public key or GSS, it is
reasonably symmetric.


The networking boxes I have access to all use password authentication
because they like to stick the password into RADIUS/TACACS...

I am not sure what "reasonably symmetric" means. Who authenticates
whom and in which way if the server establishes a connection to the
client with public key or GSS?


SSH servers don't establish connections to SSH clients.
An SSH server is authenticated as part of key exchange.
An SSH client is authenticated as part of user authentication.

In some cases, the same kinds of credentials can be used in either direction. For example, an RSA key pair can be used either to authenticate a host (as a host key) or to authenticate a user (via the publickey userauth method). Similarly, if the Kerberos GSSAPI mechanism is used, the same Kerberos principal can be used in either a client or a server role, provided the Kerberos infrastructure is configured to allow such usage for that principal.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- Re: ISMS working group and charter problems
  - From: Keith McCloghrie
- Re: ISMS working group and charter problems
  - From: Tom Petch
- Re: ISMS working group and charter problems
  - From: Sam Hartman
- Re: ISMS working group and charter problems
  - From: Juergen Schoenwaelder
- Re: ISMS working group and charter problems
  - From: Sam Hartman
- Re: ISMS working group and charter problems
  - From: Juergen Schoenwaelder

Prev by Date: Re: ISMS working group and charter problems
Next by Date: Re: DNSEXT Minutes @ IETF-63 [Software Patent issues denied discussion]
Previous by thread: Re: ISMS working group and charter problems
Next by thread: Re: ISMS working group and charter problems
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: ISMS working group and charter problems

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.