I-D Action: draft-ylonen-sshkeybcp-00.txt
internet-drafts@ietf.org Mon, 18 February 2013 22:55 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietfa.amsl.com
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2280121E8043 for <i-d-announce@ietfa.amsl.com>; Mon, 18 Feb 2013 14:55:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.558
X-Spam-Level:
X-Spam-Status: No, score=-102.558 tagged_above=-999 required=5 tests=[AWL=0.041, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LKtxFeHm1p8W for <i-d-announce@ietfa.amsl.com>; Mon, 18 Feb 2013 14:55:03 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30DB71F0D0C for <i-d-announce@ietf.org>; Mon, 18 Feb 2013 14:55:01 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-ylonen-sshkeybcp-00.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 4.40
Message-ID: <20130218225500.2234.21547.idtracker@ietfa.amsl.com>
Date: Mon, 18 Feb 2013 14:55:00 -0800
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i-d-announce>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Feb 2013 22:55:13 -0000
X-List-Received-Date: Mon, 18 Feb 2013 22:55:13 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Automated Access Using SSH Keys - Current Recommended Practice
Author(s) : Tatu Ylonen
Greg Kent
Mitchell Klein
Filename : draft-ylonen-sshkeybcp-00.txt
Pages : 60
Date : 2013-02-18
Abstract:
This document presents current recommended practice for configuring,
managing, auditing, and associated policies around automated access
to information systems, with particular emphasis on SSH user keys as
authentication and authorization tokens but also looking into other
automated access mechanisms, such as Kerberos.
Starting with a review of authentication methods that can be
configured for automated access, the document describes the risks
involved when the management of automated access and SSH keys is
neglected. It scopes the extent of the problem in particular
organizations, provides a detailed roadmap for bringing automated
access and SSH keys under control, and presents recommendations on
continuous monitoring and ongoing management of automated access in
information systems.
Various remedial actions are presented and mapped to the problems
they address and residual risks in the event the recommendations are
not implemented.
Guidance is also provided on how to organize management of automated
access with the objective of reducing the system administration
burden and organization operational cost, and on tools for automating
the process.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ylonen-sshkeybcp
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ylonen-sshkeybcp-00
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- I-D Action: draft-ylonen-sshkeybcp-00.txt internet-drafts