Re: [Isms] #2: is server authentication a requirement that SNMP willrequire

To: Sam Hartman <hartmans-ietf at mit.edu>
Subject: Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
From: Eliot Lear <lear at cisco.com>
Date: Tue, 18 Oct 2005 06:14:02 +0200
Authentication-results: imail.cisco.com; header.From=lear@cisco.com; dkim=pass ( message from cisco.com verified; );
Cc: isms at ietf.org, dbharrington at comcast.net
Dkim-signature: a=rsa-sha1; q=dns; l=619; t=1129609477; x=1130041677; c=nowsp; s=nebraska; h=Subject:From:Date:Content-Type:Content-Transfer-Encoding; d=cisco.com; i=lear@cisco.com; z=Subject:Re=3A=20[Isms]=20#2=3A=20is=20server=20authentication=20a=20requirement= 20that=20SNMP=09willrequire| From:Eliot=20Lear=20<lear@cisco.com>| Date:Tue,=2018=20Oct=202005=2006=3A14=3A02=20+0200| Content-Type:text/plain=3B=20charset=3DISO-8859-1=3B=20format=3Dflowed| Content-Transfer-Encoding:7bit; b=IxF56b16MoSQBWrCtUoQSi4yoYFdhBtyx15Q0Xj1l8BcZvUN4VM7Wi9aumHJPYJqaqUHJSe0 u2Norytzn/ySV4Hh7HobDn0TPE5OqBHmyYkF54giIvTd1MxaolR4oRrvh2bYtHoneicykr8nnlv Rhz0/esnRATFS6T1Xt57mFRs=
In-reply-to: <tslek6jrdlp.fsf@cz.mit.edu>
List-archive: <http://www1.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@lists.ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.lists.ietf.org>
List-post: <mailto:isms@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@lists.ietf.org?subject=unsubscribe>
References: <618694EF0B657246A4D55A97E38274C3B99972@xmb-sjc-22d.amer.cisco.com> <20051017112919.GA23850@boskop.local> <4353C61D.2050701@cisco.com> <tslek6jrdlp.fsf@cz.mit.edu>
Sender: isms-bounces at lists.ietf.org
User-agent: Thunderbird 1.4.1 (Macintosh/20051006)

Sam Hartman wrote:

I'd advise against assuming there will be a big push for ssh x.509
certs.  It probably will be standardized; some people will probably
implement it.  However one of the major attractive features of ssh is
that it does not use x.509.

Sam, what you see as attractive is also a scaling limitation. It's easy for us to ship a core set of PCA certs in a device. Think about this way. My aunt goes to her local supermarket to buy a new set top box that she wants to use with her service provider, who will give her a username and a password. You want her to be sure that her device authenticates the configuration server. How is she supposed to verify that the host key is the right one?

This is why it's important for X.509 certs to be done.

Eliot

_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms

Follow-Ups:
- Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
  - From: Sam Hartman

References:
- RE: [Isms] #2: is server authentication a requirement that SNMP willrequire
  - From: Kaushik Narayan \(kaushik\)
- Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
  - From: Juergen Schoenwaelder
- Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
  - From: Eliot Lear
- Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
  - From: Sam Hartman

Prev by Date: Re: [Isms] #33: does the mib need to be writable?
Next by Date: Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
Previous by thread: Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
Next by thread: Re: [Isms] #2: is server authentication a requirement that SNMP willrequire
Index(es):
- Date
- Thread

Re: [Isms] #2: is server authentication a requirement that SNMP willrequire

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.