Last Modified: 2004-09-21
| Date | Milestone |
|---|---|
| Done | Submit Internet-Draft on SSH-2.0 protocol |
| Done | Decide on Transport Layer protocol at Memphis IETF. |
| Done | Post revised core secsh drafts |
| Done | Submit core drafts to IESG for publication as proposed standard |
| Done | Post extensions drafts for review |
| Done | Start sending extensions drafts to Last Call |
| Apr 02 | GSSAPI draft ready for last call |
| Apr 02 | Publish draft on new crypto modes |
| May 02 | Agent draft ready for last call |
| May 02 | Publish draft on X.509v3/pkix support (or subsume into gssapi draft) |
| May 02 | Publish draft on terminal server support |
| Dec 02 | File transfer draft ready for last call |
Draft minutes from Secure Shell WG meeting at IETF61.
We met for an hour on Tuesday, November 9th, 2004.
We haven't met in about a year, mostly because the core documents have been delayed by a combination of a busy document editor and a number of process issues connected to the switch from RFC2026 to RFC3667/3668.
During these offline discussions it became clear that RFC3667 has a bug in that it does not specify precisely *how* the trademark references it requires should appear in RFCs. The IESG has asked the IPR working group to clarify this question, and we are now waiting for the resolution.
We reviewed a short list of relatively minor issues, mostly editorial/clarification. Perhaps the most significant is that, on the advice of Sam Hartman (new security AD), we've tentatively decided to reference the SASL stringprep profile (currently in the RFC Editor queue) for UTF8-encoded login names and passwords; this is believed to have little or no impact on the deployed base.
The specific issue list and proposed resolutions from the meeting have already been sent to the WG, and are repeated at the end of this document.
Once the trademark-reference clarification is resolved we believe the documents should be ready to finally pass the IESG.
Core Draft Issue summary:
(see https://rt.psg.com, username "ietf", password "ietf" for read-only access; contact WG chair for read-write access).
tickets 440, 441, 450: close; edits complete.
ticket 453: WG chair to identify a stable reference for sshv1 (sent to list recently).
ticket 454: explicitly grandfather 3DES
Editor to insert text equivalent to:
NOTE: There is a known attack on 3-key 3DES involving 2^112 space and 2^56 time; however, for the purposes of this requirement 3DES is considered to be strong enough.
ticket 461 (implicit server auth):
Editor to dig up clarification from list archives, insert into document.
ticket 462: different algs in each direction
proposal: allow but discourage; Editor to supply text.
ticket 463: login timeout
proposal: no change to document
- 10 minutes is shorter than typical SMTP listener idle timeout
- user interaction is covered by this timeout (entering passwords, etc.; as a result there may be accessibility requirements for slow typists)
- implementations will likely have knobs to adjust this
ticket 464: utf8:
utf8 requires input canonicalization; stringprep of usernames and passwords was previously solved by SASL in draft-ietf-sasl-saslprep-10.txt (in RFC Editor queue, EDIT state).
Rather than reinvent the wheel, just cite it.
ticket 465: close; was a request for consulting.
ticket 474: x509: remove x509-related text. Joe Galbraith to supply a followup I-D documenting what they do for x509.
tickets 460, 601: no consensus on list.
Flipped a coin, heads for "group2", tails for "group14"; came up tails.
Will stick with diffie-hellman-group14-sha1.