Re: [Isms] Discussion: Architecture direction for ISMS
Eric Rescorla <ekr@rtfm.com> Wed, 13 April 2005 13:37 UTC
To: Robert Story <rstory@freesnmp.com>
Subject: Re: [Isms] Discussion: Architecture direction for ISMS
References: <0BDFFF51DC89434FA33F8B37FCE363D5030B9B0D@zcarhxm2.corp.nortel.com> <20050413091744.4814dd63@aud>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 13 Apr 2005 06:30:54 -0700
In-Reply-To: <20050413091744.4814dd63@aud> (Robert Story's message of "Wed, 13 Apr 2005 09:17:44 -0400")
Message-ID: <86mzs2u7ld.fsf@romeo.rtfm.com>
Cc: isms@ietf.org
Robert Story <rstory@freesnmp.com> writes:

> On Wed, 13 Apr 2005 08:28:22 -0400 Martin wrote:
> MS> Why does the reverse communication require any different configuration,
>
> Again, I'm using the specific example of ssh in its current form. To
> communicate with a peer:
>
> 1) generate my private/public keys
> 2) configure peer with my public key
> 3) connect to host (and peer host key is saved for future reference)
>
> This is the existing infrastructure that I am referring to. Note that while I
> do have a key for the host, it is only used to verify that I'm talking to the
> same host the next time I connect.
>
> To allow the host to connect back to my machine autonomously, I would have to:
>
> 4) generate a private/public key on the peer (possibly could re-use host key)
> 5) configure my host with the peer's public key
> 6) install/configure/run ssh server
>
> The point is that these steps are extra, and not part of the configuration of
> the existing infrastructure.

In SSL, at least, this problem has already been attacked in the context
of FTP, which involves callbacks on the data channel. Basically, you do
session resumption but the party that does the active open (what one
would think of as a TCP client) acts as the SSL server. See
draft-murray-auth-ftp-ssl-16.txt (though the text isn't as clear as
it could be).

Note that this assumes you want to tear down the TCP connection. If
you don't, then there's no problem, of course. Incidentally, with
DTLS you can just leave the DTLS association up.

-Ekr
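Added example, not part of the original message or of draft-murray-auth-ftp-ssl: a simplified model of the callback described above, in which the reverse connection is authenticated by resuming the session cached from the first connection, so no second key pair has to be configured. The Endpoint class, the function names and the use of HMAC-SHA256 in place of the TLS PRF are assumptions made for illustration; this is not the TLS wire format.

```python
import hashlib
import hmac
import os

def prf(secret, label, data=b""):
    # HMAC-SHA256 stands in for the TLS PRF in this simplified model.
    return hmac.new(secret, label + data, hashlib.sha256).digest()

class Endpoint:
    def __init__(self, name):
        self.name = name
        self.sessions = {}  # session cache: session_id -> master_secret

def full_handshake(tls_client, tls_server):
    """Stand-in for the first, fully authenticated handshake (assumed done)."""
    session_id, master_secret = os.urandom(16), os.urandom(48)
    tls_client.sessions[session_id] = master_secret
    tls_server.sessions[session_id] = master_secret
    return session_id

def resume(tls_client, tls_server, session_id):
    """Abbreviated handshake; returns the new connection key or None."""
    client_random = os.urandom(32)                   # sent in ClientHello
    server_secret = tls_server.sessions.get(session_id)
    client_secret = tls_client.sessions.get(session_id)
    if server_secret is None or client_secret is None:
        return None                                  # no cached session to resume
    server_random = os.urandom(32)                   # sent in ServerHello
    nonces = client_random + server_random
    server_key = prf(server_secret, b"key expansion", nonces)
    finished = prf(server_key, b"server finished")   # proves the server holds the secret
    client_key = prf(client_secret, b"key expansion", nonces)
    if not hmac.compare_digest(finished, prf(client_key, b"server finished")):
        return None                                  # peer does not hold the cached secret
    return client_key

def callback(tcp_opener, tcp_listener, session_id):
    """Reverse connection: the side doing the TCP active open is the SSL server."""
    return resume(tls_client=tcp_listener, tls_server=tcp_opener,
                  session_id=session_id)
```

Only the server's Finished check is modelled; real TLS also verifies a Finished message from the client and falls back to a full handshake when the session is not in the cache.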