Re: [Isms] #2: is server authentication a requirement that SNMP will require



On Fri, Oct 14, 2005 at 08:59:44AM -0700, Kaushik Narayan (kaushik) wrote:

> 	c) for the common case of DH signed by public keys, how does the
> client learn the host's public key in advance, and verify that the
> correct key is being used?
>
> I had mentioned this in a previous note, SSHSM does create the need to
> manually provision public keys on clients until we have X.509 support
> (or GSSAPI is being used). SSH client implementations in interactive
> mode will verify the key by echoing it to the user and saving the key
> once the user accepts. We cannot do that with SSHSM and we either
> require manual provisioning of server public keys or accept blindly the
> first time, which makes it susceptible to mitm.

Management applications at the very end also have a human being
involved. I don't see a reason why a management application can't do
the same as my ssh client does when you hit a box you have not talked
to before. Initiate a dialog with a human decision maker, open a
ticket in a trouble ticket system or whatever the app writer deems
appropriate to get an OK to accept the key. This is all implementation
detail for me.

The spec should just say somewhere (perhaps in the security
considerations section) that public host keys must be verified to
prevent mitm attacks and that applications should cache host keys and
warn about any changes. It is likely that all this text has already
been written and we can just refer to the appropriate section(s) in
the ssh documents.

I think we should not even try to standardize a way to automatically
verify host keys. If there is a need for such a feature, I think the
ssh WG should work on a general solution since this problem is not ISMS
specific.

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany
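
The following is an added example, not part of the original message or of any ISMS or ssh document: a sketch of the host key handling discussed above, where a management application caches host keys, holds an unknown key for a human decision instead of accepting it blindly, and flags any change. The class and method names, the host name and the key blobs are all constructed for illustration.

```python
import base64
import hashlib
from enum import Enum


class Verdict(Enum):
    TRUSTED = "trusted"   # key matches the operator-approved cache entry
    PENDING = "pending"   # unknown host: hold the session for a human decision
    CHANGED = "changed"   # key differs from the cache: warn and do not connect


def fingerprint(key_blob: bytes) -> str:
    """SHA-256 fingerprint of a public key blob, in the style OpenSSH displays."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostKeyCache:
    """Hypothetical in-memory cache; a real application would persist it."""

    def __init__(self):
        self.trusted = {}   # host -> fingerprint approved by an operator
        self.pending = {}   # host -> fingerprint awaiting approval

    def check(self, host: str, key_blob: bytes) -> Verdict:
        fp = fingerprint(key_blob)
        known = self.trusted.get(host)
        if known is None:
            # First contact: never accept blindly, queue the key for review.
            self.pending[host] = fp
            return Verdict.PENDING
        return Verdict.TRUSTED if known == fp else Verdict.CHANGED

    def approve(self, host: str, confirmed_fp: str) -> bool:
        """Record the operator's OK (dialog, ticket) for a pending key.

        confirmed_fp is the fingerprint the operator obtained out of band;
        approval succeeds only if it equals the one the host presented.
        """
        if host not in self.pending or self.pending[host] != confirmed_fp:
            return False
        self.trusted[host] = self.pending.pop(host)
        return True


# Constructed sample key blobs (not real SSH keys).
KEY_A = b"constructed-host-key-A"
KEY_B = b"constructed-host-key-B"

if __name__ == "__main__":
    cache = HostKeyCache()
    print(cache.check("agent1.example", KEY_A))             # first contact
    print(cache.approve("agent1.example", fingerprint(KEY_A)))
    print(cache.check("agent1.example", KEY_B))             # key changed
```
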
