[abfab] [Phil Lello] [saag] SSH Protocol Extensions
Sam Hartman <hartmans@painless-security.com> Wed, 12 August 2015 16:01 UTC
From: Sam Hartman <hartmans@painless-security.com>
To: abfab@ietf.org
Date: Wed, 12 Aug 2015 12:01:24 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/tSPKzbSwbmSYtS4uiqc-Px1xD8g>
This is out of scope for ABFAB but probably interesting to folks here.
--- Begin Message ---
Hi,

I'm currently working on extensions to the SSH protocol; as I believe the SecSH WG is effectively dormant, is this list the best place to discuss the proposals?

Briefly, I am seeking to add support for federated/asserted identities to SSH, for scenarios where the protocol is used as an application transport (e.g. git, svn). This involves the client sending a desired username for authentication, along with an authentication token from a trusted 3rd party. In the initial implementation, this would be a SAML assertion, although I intend to make the implementation generic enough to support other mechanisms. Trust relationships for valid IdPs would be handled according to local policy.

A related extension will be a formal websocket binding for SSH, and I expect the reference implementation of this to be a patch to Gerrit (a git-based code review tool that contains an embedded Java SSH server).

Phil Lello
--- End Message ---