Re: [Isms] ssh authn
Sentence 1 talks about server authn, which I assume means RFC4253.
Sentences 2-4 talk about user authn, which I assume means RFC4252.
Sentence 5 talks about server authn, which I assume means RFC4253.
It strikes me that this paragraph should be reworked to separate the
server auth and the user auth discussions.
Unless, of course, I am misunderstanding this text.
Maybe this is about how to use tmTransportAddress during server authn,
and it just is not clear.
Is this all about server authn, or is client and server authn mixed in
this paragraph?
dbh
> -----Original Message-----
> From: Juergen Schoenwaelder
> [mailto:j.schoenwaelder at jacobs-university.de]
> Sent: Thursday, January 22, 2009 2:47 PM
> To: David Harrington
> Cc: isms at ietf.org
> Subject: Re: [Isms] ssh authn
>
> On Wed, Jan 21, 2009 at 11:19:16AM -0500, David Harrington wrote:
> > In the following paragraph, is this all about server authn, or is
> > client and server authn mixed into this paragraph?
> >
> > Using tmTransportAddress, the client will establish an
> > SSH transport connection using the SSH transport protocol,
> > authenticate the server, and exchange keys for message
> > integrity and encryption. The tmTransportAddress field may
> > contain a user-name followed by an '@' character (ASCII 0x40)
> > that will indicate a specific user-name string that should be
> > presented to the ssh server as the "user name" for
> > authentication purposes. This MAY be different than the passed
> > tmSecurityName value that will be used in the remaining steps
> > below. If there is no specified user-name in the
> > tmTransportAddress then the tmSecurityName should be used
> > as the user-name. The other parameters of the transport
> > connection and the credentials used to authenticate the
> > server are provided in an implementation-dependent manner.
>
> I am not sure where your question is supposed to lead to. The text
> tells me that the user-name portion of the tmTransportAddress if
> present is used as the ssh user name instead of tmSecurityName. The
> user name is relevant for SSH client authentication, not for SSH
> server authentication. That said, I am still wondering what the
> reason behind your question is...
>
> /js
>
> --
> Juergen Schoenwaelder Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
> Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
>
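
The user-name rule in the quoted draft paragraph, written out as an added example (not part of the thread or of the draft): it shows that the value derived here feeds only SSH user (client) authentication, while the server part is a separate output. The function name, the split at the first '@', the rejection of an empty user-name and the sample addresses are assumptions of this example.

```python
from typing import NamedTuple


class SshTarget(NamedTuple):
    ssh_user: str       # presented as "user name" in SSH user authentication
    server: str         # rest of the address; used to reach the SSH server
    security_name: str  # tmSecurityName, kept unchanged for the later steps


def resolve_ssh_target(tm_transport_address: str,
                       tm_security_name: str) -> SshTarget:
    """Apply the optional 'user-name@' prefix rule to tmTransportAddress.

    Assumption: split at the first '@' (ASCII 0x40). The quoted paragraph
    does not say how a user name that itself contains '@' is handled.
    """
    if not tm_security_name:
        raise ValueError("tmSecurityName must not be empty")
    user, sep, server = tm_transport_address.partition("@")
    if not sep:
        # No user-name in the address: tmSecurityName is the SSH user name.
        user, server = tm_security_name, tm_transport_address
    elif not user:
        # "@host": refuse instead of silently falling back, so a malformed
        # address cannot change which identity is authenticated
        # (a choice made for this example, not stated in the draft).
        raise ValueError("empty user-name before '@'")
    if not server:
        raise ValueError("no server part in tmTransportAddress")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in user):
        raise ValueError("control character in user name")
    return SshTarget(user, server, tm_security_name)


if __name__ == "__main__":
    # Constructed sample values (documentation address range).
    for addr in ("operator@192.0.2.10:5161", "192.0.2.10:5161"):
        t = resolve_ssh_target(addr, "alice")
        print(f"{addr!r}: ssh user={t.ssh_user!r} server={t.server!r} "
              f"securityName={t.security_name!r}")
```
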