Re: [Isms] secshell-pre14 - transport validation

2009/1/23 Juergen Schoenwaelder <j.schoenwaelder at jacobs-university.de>:
> On Thu, Jan 22, 2009 at 03:42:22PM -0500, David Harrington wrote:
>
>> This is an updated draft for secshell.
>
> Can the WG members please review the changes?

I've spotted a few (related) issues in section 5.2:
      Procedures for sending an Outgoing Message.


1)  The ASI sendMessage includes two parameters
     'destTransportDomain' and 'destTransportAddress'.
    The tmStateReference cache entry includes two fields
    'tmTransportDomain' and 'tmTransportAddress'

    The expectation is clearly that these two pairs will have the
    same value.   What should be the behaviour if they do not?


2)  If the tmSameSecurity flag is set, then tmSessionID is
     used to look up the appropriate SSH session.

     What should be the behaviour if the remote end of this
     connection does not match the specified tmTransportAddress?


Clearly, in a well-behaved environment, neither of these should
occur.  Is it safe to assume that these situations are impossible,
or should the EoP include some form of validation?


3)  Steps 1) and 2) check and extract tmTransportDomain,
     but the value is never used (neither here, nor in 5.3)

     What should be the behaviour if this value is not
     'snmpSSHDomain' ?


4)  Step 1) checks for the existence of various fields in the
     tmStateReference cache, but this list does not include
     tmSessionID.

     What should be the behaviour if this entry is missing
     from the cache?
     Does it make a difference whether tmSameSession
     is set or not?


Dave
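
The four checks asked about in the message above, as an added example that is not part of the original post or of the draft. It assumes a fail-closed answer (any reported problem means the message is not sent); the `TmStateReference` class, the `sessions` table, the problem labels and the addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

SNMP_SSH_DOMAIN = "snmpSSHDomain"

@dataclass
class TmStateReference:
    """Constructed model of the cache fields named in the message."""
    tmTransportDomain: Optional[str] = None
    tmTransportAddress: Optional[str] = None
    tmSameSecurity: bool = False
    tmSessionID: Optional[int] = None

def validate_outgoing(dest_domain: str, dest_address: str,
                      ref: TmStateReference,
                      sessions: Dict[int, str]) -> List[str]:
    """Return the problems found; an empty list means the message may be sent.

    `sessions` is a hypothetical table: tmSessionID -> remote address of the
    open SSH session.
    """
    problems = []
    # Issue 3: the extracted domain is checked rather than ignored.
    if ref.tmTransportDomain != SNMP_SSH_DOMAIN:
        problems.append("domain-not-ssh")
    # Issue 1: the ASI parameters must agree with the cache entry.
    if (dest_domain, dest_address) != (ref.tmTransportDomain,
                                       ref.tmTransportAddress):
        problems.append("asi-cache-mismatch")
    if ref.tmSameSecurity:
        # Issue 4: tmSessionID is required when the same session is demanded.
        if ref.tmSessionID is None:
            problems.append("session-id-missing")
        elif ref.tmSessionID not in sessions:
            problems.append("session-not-open")
        # Issue 2: the session's remote end must be the cached address.
        elif sessions[ref.tmSessionID] != ref.tmTransportAddress:
            problems.append("session-peer-mismatch")
    return problems

if __name__ == "__main__":
    # Constructed sample: session 7 is connected to a different peer
    # than the address recorded in the cache entry.
    open_sessions = {7: "192.0.2.10:22"}
    entry = TmStateReference(SNMP_SSH_DOMAIN, "192.0.2.99:22", True, 7)
    print(validate_outgoing(SNMP_SSH_DOMAIN, "192.0.2.99:22",
                            entry, open_sessions))
```
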
