Secure Shell Public Key Subsystem
draft-ietf-secsh-publickey-subsystem-08
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2006-12-07
|
08 | (System) | IANA Action state changed to Waiting on RFC Editor from RFC-Ed-Ack |
2006-11-08
|
08 | (System) | Request for Early review by SECDIR Completed. Reviewer: Sam Weiler. |
2006-11-08
|
08 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on Authors |
2006-11-07
|
08 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2006-11-06
|
08 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2006-11-01
|
08 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2006-10-30
|
08 | (System) | IANA Action state changed to In Progress from Waiting on RFC Editor |
2006-10-30
|
08 | (System) | IANA Action state changed to In Progress from Waiting on RFC Editor |
2006-10-17
|
08 | Jari Arkko | Added Bert to notice list due to early copyedit experiment. |
2006-10-17
|
08 | Jari Arkko | State Change Notice email list have been change to secsh-chairs@tools.ietf.org,bwijnen@lucent.com from secsh-chairs@tools.ietf.org |
2006-10-09
|
08 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2006-10-09
|
08 | Amy Vezza | IESG state changed to Approved-announcement sent |
2006-10-09
|
08 | Amy Vezza | IESG has approved the document |
2006-10-09
|
08 | Amy Vezza | Closed "Approve" ballot |
2006-10-06
|
08 | Sam Hartman | State Changes to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed by Sam Hartman |
2006-10-06
|
08 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-08.txt |
2006-09-29
|
08 | (System) | Removed from agenda for telechat - 2006-09-28 |
2006-09-28
|
08 | Amy Vezza | State Changes to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation by Amy Vezza |
2006-09-28
|
08 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded by Bill Fenner |
2006-09-28
|
08 | Sam Hartman | [Ballot Position Update] Position for Sam Hartman has been changed to Yes from Discuss by Sam Hartman |
2006-09-28
|
08 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson |
2006-09-27
|
08 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded by David Kessens |
2006-09-27
|
08 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2006-09-27
|
08 | Mark Townsley | [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley |
2006-09-27
|
08 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
2006-09-27
|
08 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
2006-09-27
|
08 | Cullen Jennings | [Ballot comment] I was imaging an ssh client that supported this and it seems that it would end up having some "send public key" to … [Ballot comment] I was imaging an ssh client that supported this and it seems that it would end up having some "send public key" to other side. However, does that automatically add a key to the authorized list? The text that this draft has around things like setting the command-overide implies to me that the act of adding a key actually adds the keys to the authorization list as well. Now if this is the case what soft of "verification" should the client require? Do you need the password again? In a typical client, if the I get the sys admin to log in from my computer to the server and walk look the other direction for 30 seconds, can I add my private keys to the server and be able to log on any time? Anyways, I think the draft should say more about what the authorization assumptions are around adding or removing keys and give advice to client implementers about security concerns on whey they should allow keys to a be added. |
2006-09-27
|
08 | Sam Hartman | [Ballot Position Update] Position for Sam Hartman has been changed to Discuss from Yes by Sam Hartman |
2006-09-27
|
08 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
2006-09-27
|
08 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2006-09-27
|
08 | Dan Romascanu | [Ballot comment] The document is completely missing any reference to the operational considerations of deploying a secure shell public-key subsystem. I would have expected a … [Ballot comment] The document is completely missing any reference to the operational considerations of deploying a secure shell public-key subsystem. I would have expected a short section to be included describing what is the deployment strategy, what subsystems are effected and need to be upgraded, if there any default settings or operations at installation, if there is any expected impact on the behavior of the network or other applications, and if any means of monitoring or management are needed or recommended. |
2006-09-27
|
08 | Yoshiko Fong | IANA Last Call Comments: As described in the IANA Considerations section of this document, upon approval of this document IANA understands it must take two … IANA Last Call Comments: As described in the IANA Considerations section of this document, upon approval of this document IANA understands it must take two actions: First, in the registry located at: http://www.iana.org/assignments/ssh-parameters in the subregistry marked: "Connection Protocol Subsystem Names" IANA will register the subsystem name "publickey" Second, in the registry located at: http://www.iana.org/assignments/ssh-parameters IANA will create three new subregistries. They are "Request Names," "Response Names," and "Attribute Names." In each case, requests for new assignments in these subregistries will be done through IETF consensus. The initial values for the new subregistries are as follows: Request Name ------------- version add remove list listattributes Response Name -------------- version status publickey attribute Attribute Name --------------- comment comment-language command-override subsystem x11 shell exec agent env from port-forward reverse-forward IANA understands that these are the only actions required upon publication of the document. |
2006-09-26
|
08 | Lisa Dusseault | [Ballot comment] This comment: A question on results ordering and a note on language tagging and selecting language. Is there any requirement for server ordering … [Ballot comment] This comment: A question on results ordering and a note on language tagging and selecting language. Is there any requirement for server ordering of public keys in response to a 'list'? it might be worth saying the list is unordered so that clients don't come to depend on some accidental ordering. Language tagging: First, a note on the experience of another group that attempted to define text properties with language tagging -- WebDAV. We discovered that servers never implemented storing multiple properties, one per language (although it may be that the spec wasn't clear on this point). But worse, servers didn't even preserve the language information because no client bothered to provide it and so it was usually missed in testing. It remains an interoperability hole (though not a problem as nobody uses it) 8 years later. I'm not even sure what lesson to draw from this property language tagging experience. Possibly clients should be required to provide language tags -- this at least forces servers to do the right thing, and most clients can at least pull up a user's system language default value. Certainly I'd conclude that if single-value language tagging is so seldom used, multiple-value-by-language-tag is even less likely to be used. Finally, I notice that although the language packet allows the description language to be tagged, there's no way for the client to request that status descriptions be in their own language. Is the status description intended for display? Would it be poor form instead for a client to use the status code to look up an appropriate locally-stored description of the status code and discard the description provided by the server which might be in an inappropriate language? |
2006-09-26
|
08 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
2006-09-26
|
08 | Lars Eggert | [Ballot comment] Section 3.1., paragraph 8: > It is RECOMMENDED that clients request and check the reply for this > request. What … [Ballot comment] Section 3.1., paragraph 8: > It is RECOMMENDED that clients request and check the reply for this > request. What would that check entail? Section 3.4., paragraph 1: > Both sides MUST start by sending a version packet that indicates the > version of the protocol they are using. Section 3.1 already talked about starting the public-key subsystem; what is started here? Section 4.3., paragraph 4: > uint32 attribute-count > string attrib-name > string attrib-value Any reason why "critical" isn't reported? (See 4.1.) Section 6.2.1., paragraph 2: > "name@domainname" (without the double quotes) where the part > preceeding the at-sign is the name. The format of the part preceding Nit: s/preceeding/preceding/ |
2006-09-26
|
08 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
2006-09-25
|
08 | Sam Hartman | Note field has been cleared by Sam Hartman |
2006-09-21
|
08 | Sam Hartman | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Sam Hartman |
2006-09-21
|
08 | Sam Hartman | State Changes to Waiting for AD Go-Ahead from Waiting for Writeup by Sam Hartman |
2006-09-21
|
08 | Sam Hartman | [Ballot Position Update] New position, Yes, has been recorded for Sam Hartman |
2006-09-21
|
08 | Sam Hartman | Ballot has been issued by Sam Hartman |
2006-09-21
|
08 | Sam Hartman | Created "Approve" ballot |
2006-09-19
|
08 | (System) | State has been changed to Waiting for Writeup from In Last Call by system |
2006-09-08
|
08 | (System) | IANA Action state changed to In Progress |
2006-09-07
|
08 | Sam Hartman | Placed on agenda for telechat - 2006-09-28 by Sam Hartman |
2006-09-05
|
08 | Amy Vezza | Last call sent |
2006-09-05
|
08 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2006-09-05
|
08 | Sam Hartman | Last Call was requested by Sam Hartman |
2006-09-05
|
08 | Sam Hartman | State Changes to Last Call Requested from AD Evaluation::AD Followup by Sam Hartman |
2006-09-05
|
08 | (System) | Ballot writeup text was added |
2006-09-05
|
08 | (System) | Last call text was added |
2006-09-05
|
08 | (System) | Ballot approval text was added |
2006-09-05
|
08 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2006-09-05
|
07 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-07.txt |
2006-08-27
|
08 | Sam Hartman | [Note]: 'Requested comments be fixed by October 31' added by Sam Hartman |
2006-08-27
|
08 | Sam Hartman | Draft Added by Sam Hartman in state AD Evaluation |
2006-07-31
|
06 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-06.txt |
2005-09-21
|
05 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-05.txt |
2005-09-14
|
04 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-04.txt |
2005-08-24
|
03 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-03.txt |
2005-03-23
|
02 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-02.txt |
2004-04-02
|
01 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-01.txt |
2003-10-24
|
00 | (System) | New version available: draft-ietf-secsh-publickey-subsystem-00.txt |