Re: [Isms] wg last call followup - sshtm

["David Harrington" <ietfdbh at comcast.net>]

> -----Original Message-----
> From: Juergen Schoenwaelder 
> [mailto:j.schoenwaelder at jacobs-university.de] 
> Sent: Thursday, March 05, 2009 4:56 AM
> To: David Harrington
> Cc: 'tom.petch'; isms at ietf.org
> Subject: Re: [Isms] wg last call followup - sshtm
> 
> On Wed, Mar 04, 2009 at 10:54:44AM -0500, David Harrington wrote:
>  
> > > Actually, I see this one as ok:-) It tells me that there is a
> > > recipient and that the identifier for that recipient has two
> > > values, one, alice is used in the NO, the other, rtr-nyc4, is
used
> > > in the NR.
> > 
> > And that is the confusion I had (or have) as well. I think 
> saying that
> > alice is the recipient is wrong, if the bob@ format is used. 
> 
> My understanding is that the NO creates the SSH session and this
> results in the following:
> 
> - NO gets an authenticated SSH host identity
> - NR gets an authenticated SSH user name
> 
> So in both cases (with or without the bob@ format), the NO does
access
> control against a locally known securityName that is bound to an SSH
> transport address via local configuration and the engine has to make
> sure that the SSH host is getting properly authenticated before
> shipping the notification.

OK. I do not think the draft states this adequately. 

Should we add a version of this last paragraph in the security
considerations? in the SSH introduction? maybe section 3.3 for
notifications and proxy? 

should we separate the notification case from the proxy case, since
proxy does not do access control?

What does the engine have to make sure of for proxy?

dbh