Re: [Isms] ssh authn

To: <j.schoenwaelder at jacobs-university.de>, "David Harrington" <ietfdbh at comcast.net>
Subject: Re: [Isms] ssh authn
From: "tom.petch" <cfinss at dial.pipex.com>
Date: Tue, 27 Jan 2009 17:57:55 +0100
Cc: isms at ietf.org
Delivered-to: ietfarch-isms-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <0b9501c97be4$024201d0$0600a8c0 at china.huawei.com><20090122194722.GB7322 at elstar.local><0cc301c97cd8$dcaff8f0$0600a8c0 at china.huawei.com> <20090122231008.GA7514 at elstar.local>
Reply-to: "tom.petch" <cfinss at dial.pipex.com>
Sender: isms-bounces at ietf.org

I have no problem with the original formulation.

If you do opt for Juergen's, I would prefer 'other parameters' - as in the
original - to just 'parameters'.

Tom Petch

----- Original Message -----
From: "Juergen Schoenwaelder" <j.schoenwaelder at jacobs-university.de>
To: "David Harrington" <ietfdbh at comcast.net>
Cc: <isms at ietf.org>
Sent: Friday, January 23, 2009 12:10 AM
Subject: Re: [Isms] ssh authn


> On Thu, Jan 22, 2009 at 04:32:01PM -0500, David Harrington wrote:
> > Hi,
> >
> > sentence 1 talks about server authn, which I assume means RFC4253.
> > sentences 2-4 talk about user authn, which I assume means RFC4252
> > sentence 5 talks about server authn, which I assume means RFC4253.
> >
> > It strikes me that this paragraph should be reworked to separate the
> > server auth and the user auth discussions.
> >
> > Unless, of course, I am misunderstanding this text.
> > Maybe this is about how to use tmTransportAddress during server authn,
> > and it just is not clear.
> >
> > is this all about server authn, or is client and server authn mixed in
> > this paragraph?
>
> So you want to change this text to something like this:
>
>    Using tmTransportAddress, the client will establish an SSH
>    transport connection using the SSH transport protocol, authenticate
>    the server, and exchange keys for message integrity and encryption.
>    The parameters of the transport connection and the credentials used
>    to authenticate the server are provided in an implementation-dependent
>    manner.
>
>    The tmTransportAddress field may contain a user-name followed by an
>    '@' character (ASCII 0x40) that will indicate a specific user-name
>    string that should be presented to the ssh server as the "user
>    name" for user authentication purposes. This user-name MAY be
>    different than the passed tmSecurityName value that will be used in
>    the remaining steps below. If there is no specified user-name in
>    the tmTransportAddress then the tmSecurityName should be used as
>    the user-name.
>
> Such a change is fine with me.
>
> /js
>
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> _______________________________________________
> Isms mailing list
> Isms at ietf.org
> https://www.ietf.org/mailman/listinfo/isms

_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

References:
- [Isms] ssh authn
  - From: David Harrington
- Re: [Isms] ssh authn
  - From: Juergen Schoenwaelder
- Re: [Isms] ssh authn
  - From: David Harrington
- Re: [Isms] ssh authn
  - From: Juergen Schoenwaelder

Prev by Date: Re: [Isms] IsmsSNMP SSH ports
Next by Date: [Isms] TBD secshell
Previous by thread: Re: [Isms] ssh authn
Next by thread: Re: [Isms] ssh authn
Index(es):
- Date
- Thread

Re: [Isms] ssh authn

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.