Re: [Isms] TBD secshell

To: "David B Harrington" <dbharrington at comcast.net>
Subject: Re: [Isms] TBD secshell
From: Wes Hardaker <wjhns1 at hardakers.net>
Date: Tue, 10 Feb 2009 13:29:43 -0800
Cc: 'Jeffrey Hutzelman' <jhutz at cmu.edu>, isms at ietf.org
Delivered-to: isms at core3.amsl.com
In-reply-to: <095b01c98b36$c25d2970$0600a8c0 at china.huawei.com> (David B. Harrington's message of "Mon, 9 Feb 2009 23:19:25 -0500")
List-archive: <http://www.ietf.org/mail-archive/web/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
Organization: Sparta
References: <20090127083933.GC12355 at elstar.local> <200901282258.n0SMw53g024330 at toasties.srv.cs.cmu.edu> <4BB6D8A8E1F91F93B85A62F7 at atlantis.pc.cs.cmu.edu> <200901282344.n0SNiunA000877 at grapenut.srv.cs.cmu.edu> <CF95F6B3BDFD3B171FFD4DA3 at atlantis.pc.cs.cmu.edu> <200901290108.n0T18S7R014276 at raisinbran.srv.cs.cmu.edu> <8026D632B9CA159AAC2154FA at atlantis.pc.cs.cmu.edu> <sdk57zm8ep.fsf at wes.hardakers.net> <095b01c98b36$c25d2970$0600a8c0 at china.huawei.com>
User-agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.4.21 (linux, no MULE)

>>>>> On Mon, 9 Feb 2009 23:19:25 -0500, "David B Harrington" <dbharrington at comcast.net> said:

DBH> I just sent out updates to all three documents.
DBH> This problem is not addressed.
DBH> Can you tell me how to change the text?
DBH> I am not sure I understand the edits.

Sure. The only thing that needs to be added, IMHO, is a note saying the
address should be consistent during the life of a session. i.e.:

5.1. Procedures for an Incoming Message

1. The SSH Transport Model queries the SSH engine, in an
implementation-dependent manner, to determine the
transportAddress, the principal name authenticated by SSH, and a
session identifier. {+The transportAddress must be consistent
during the life of a SSH session.+}

... jump to text after bullet 2 of 5.1 ...

Prepare the transport parameters for the ASI:

transportDomain = snmpSSHDomain

transportAddress = the address {+of the SSH session that+} the message
originated from, determined in an implementation-dependent way

... jump to bullet 2 of section 5.3 ...

2. Using tmTransportAddress, the client will establish an SSH
transport connection using the SSH transport protocol,
authenticate the server, and exchange keys for message integrity
and encryption. {+The transportAddress associated with a session
MUST remain constant during the lifetime of the SSH session.
Implementations may need to cache the transportAddress passed to
the openSession API for later use when performing incoming
message processing (see section Section 5.1).+}

--
Wes Hardaker
Sparta, Inc.

References:
- Re: [Isms] TBD secshell
  - From: Jeffrey Hutzelman
- Re: [Isms] TBD secshell
  - From: Jeffrey Hutzelman
- Re: [Isms] TBD secshell
  - From: Jeffrey Hutzelman
- Re: [Isms] TBD secshell
  - From: Wes Hardaker
- Re: [Isms] TBD secshell
  - From: David B Harrington

Prev by Date: Re: [Isms] Comments about draft-ietf-isms-secshell-13, Section 5
Next by Date: Re: [Isms] tsm pre11 - minor issues
Previous by thread: Re: [Isms] TBD secshell
Next by thread: Re: [Isms] [j.schoenwaelder at jacobs-university.de: Re: secshell-pre14]
Index(es):
- Date
- Thread

Re: [Isms] TBD secshell

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.