Re: [Isms] wg last call followup - sshtm

To: "David Harrington" <ietfdbh at comcast.net>
Subject: Re: [Isms] wg last call followup - sshtm
From: Wes Hardaker <wjhns1 at hardakers.net>
Date: Thu, 05 Mar 2009 09:21:25 -0800
Cc: isms at ietf.org
Delivered-to: isms at core3.amsl.com
In-reply-to: <18fd01c99db3$7906ded0$0600a8c0 at china.huawei.com> (David Harrington's message of "Thu, 5 Mar 2009 11:57:30 -0500")
List-archive: <http://www.ietf.org/mail-archive/web/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
Organization: Sparta
References: <sd3adv66x2.fsf at wes.hardakers.net> <007901c99c09$b6cd0ce0$0601a8c0 at allison> <sd1vtezimz.fsf at wes.hardakers.net> <c64ae3380903030830k65951767g2a27b479ad80501c at mail.gmail.com> <sdocwiy16j.fsf at wes.hardakers.net> <016501c99c38$54f035e0$0601a8c0 at allison> <20090303223106.GA5648 at elstar.local> <14bd01c99c5d$9abeb1d0$0600a8c0 at china.huawei.com> <01f201c99cc9$61b85640$0601a8c0 at allison> <15f501c99ce1$8a015e90$0600a8c0 at china.huawei.com> <20090305095539.GA8180 at elstar.local> <18fd01c99db3$7906ded0$0600a8c0 at china.huawei.com>
User-agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.4.21 (linux, no MULE)

>>>>> On Thu, 5 Mar 2009 11:57:30 -0500, "David Harrington" <ietfdbh at comcast.net> said:

>> So in both cases (with or without the bob@ format), the NO does
DH> access
>> control against a locally known securityName that is bound to an SSH
>> transport address via local configuration and the engine has to make
>> sure that the SSH host is getting properly authenticated before
>> shipping the notification.

DH> OK. I do not think the draft states this adequately. 

DH> Should we add a version of this last paragraph in the security
DH> considerations? in the SSH introduction? maybe section 3.3 for
DH> notifications and proxy? 

I tried to put something like that in the security considerations
section for the document I posted yesterday.  Does it meet your needs?

DH> should we separate the notification case from the proxy case, since
DH> proxy does not do access control?

There are two separate cases:

Clients that does access control before sending (NOs only)
Those that don't                                (everything else)

I wouldn't spell out proxies generically since they're already lumped
into the other case.
-- 
Wes Hardaker
Sparta, Inc.

Follow-Ups:
- Re: [Isms] wg last call followup - sshtm
  - From: David Harrington
- Re: [Isms] wg last call followup - sshtm
  - From: Juergen Schoenwaelder

References:
- Re: [Isms] wg last call followup - sshtm
  - From: Wes Hardaker
- Re: [Isms] wg last call followup - sshtm
  - From: tom.petch
- Re: [Isms] wg last call followup - sshtm
  - From: Wes Hardaker
- Re: [Isms] wg last call followup - sshtm
  - From: Dave Shield
- Re: [Isms] wg last call followup - sshtm
  - From: Wes Hardaker
- Re: [Isms] wg last call followup - sshtm
  - From: tom.petch
- Re: [Isms] wg last call followup - sshtm
  - From: Juergen Schoenwaelder
- Re: [Isms] wg last call followup - sshtm
  - From: David Harrington
- Re: [Isms] wg last call followup - sshtm
  - From: tom.petch
- Re: [Isms] wg last call followup - sshtm
  - From: David Harrington
- Re: [Isms] wg last call followup - sshtm
  - From: Juergen Schoenwaelder
- Re: [Isms] wg last call followup - sshtm
  - From: David Harrington

Prev by Date: Re: [Isms] wg last call followup - sshtm
Next by Date: Re: [Isms] Proposed SSHTM document modifications: take 2
Previous by thread: Re: [Isms] wg last call followup - sshtm
Next by thread: Re: [Isms] wg last call followup - sshtm
Index(es):
- Date
- Thread

Re: [Isms] wg last call followup - sshtm

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.