Re: [Isms] SSHSM RADIUS Integration draft (draft-narayan-isms-sshsm-radius-01.txt) submitted

Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de> Fri, 16 March 2007 11:41 UTC

Date: Fri, 16 Mar 2007 12:41:02 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>
To: Eliot Lear <lear@cisco.com>
Subject: Re: [Isms] SSHSM RADIUS Integration draft (draft-narayan-isms-sshsm-radius-01.txt) submitted

On Fri, Mar 16, 2007 at 12:26:08PM +0100, Eliot Lear wrote:
 
> And then Dave Harrington responded:
> 
> >So far, I have not seen any proposals, either written or just proposed
> >verbally, that provide a secure transport with all the security
> >characteristics of USM. A critical feature of USM, not provided by SSH
> >or TLS or RADIUS proposals so far, is local authentication with NO
> >ties to a third party authenticator.
> 
> Kaushik, Keith and I proposed a method last summer that would have 
> precisely addressed the 2nd sentence in that paragraph.  I believe this 
> leaves David Nelson's question somewhat unanswered.

Again, is a local password or key pair in the context of SSH not
exactly addressing the 2nd sentence above, namely "local
authentication with NO ties to a third party authenticator"? I remain
in the confused state for now.

/js

PS: Our implementation calls out to PAM and it actually does not
    matter whether you configure radius, something else, or local
    passwords if you like that.

-- 
Juergen Schoenwaelder		 Jacobs University Bremen
<http://www.eecs.iu-bremen.de/>	 P.O. Box 750 561, 28725 Bremen, Germany
