Re: [Isms] [j.schoenwaelder at jacobs-university.de: Re: secshell-pre14]
Hi,

The two ports issue is resolved. We now use two ports; the document
now asks IANA for two ports; and I think the use of two ports has no
effect on the EOP, because the choice of ports is done strictly by the
applications. I will, of course, double-check this.

I think the EOP needs to be updated somewhat to address Pasi's
comments. I have not gone through the EOP to see just what needs
changing yet.

I think the EOP needs to be modified to make sure the message
processing model can match the outgoing transportaddress for a request
and the incoming transportaddress from the response, which is how the
MPM determines which application is waiting for a response. If the
request was sent using a user at foo.com address, then SSHTM parses
the address into a foo.com address and uses foo instead of the
tmsecurityname specified by the security model. When we get a response
from user at foo.com, we need to make the TM pass the MPM a transport
address of the user at foo.com format, and set the tmsecurityname to
match what was requested by the security model. I don't think it will
be terribly difficult to update the EOP, but I am not sure where the
TM stores the request-state (tmsecurityname) that it must restore when
it gets the response.

I'll try to get a revision posted within the next week.

dbh

> -----Original Message-----
> From: Juergen Schoenwaelder
> [mailto:j.schoenwaelder at jacobs-university.de]
> Sent: Thursday, February 05, 2009 3:01 AM
> To: Dave Harrington
> Subject: Re: [j.schoenwaelder at jacobs-university.de: Re:
> [Isms]secshell-pre14]
>
> On Tue, Jan 27, 2009 at 09:39:33AM +0100, Juergen Schoenwaelder wrote:
> > David,
> >
> > can you quickly explain the issues? I would like to move
> forward with
> > resolving them and push for a second last call.
>
> David,
>
> where are we with the open issues. You once mentioned:
>
> > We still need work on
> > 1) the processes for client versus server
> > 2) two ports
>
> Then there was some discussion around the SSH username embedded in an
> SSH TAddress. So we might have three issues still to solve but I am
> not 100% sure what the issues are. Can you help us by stating the
> issue clearly? I want to get this ISMS thing done; and it needs to be
> good enough not perfect for Proposed Standard.
>
> /js
>
> --
> Juergen Schoenwaelder Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
> Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
>