RE: [Isms] SSHSM RADIUS Integration draft (draft-narayan-isms-sshsm-radius-01.txt) submitted

"David Harrington" <ietfdbh@comcast.net> Fri, 16 March 2007 12:09 UTC

From: David Harrington <ietfdbh@comcast.net>
To: j.schoenwaelder@iu-bremen.de, 'Eliot Lear' <lear@cisco.com>
Date: Fri, 16 Mar 2007 08:09:28 -0400
Cc: isms@ietf.org

Hi,

Yes, I was off-track.
A local password or key pair should be acceptable.

dbh 

> -----Original Message-----
> From: Juergen Schoenwaelder [mailto:j.schoenwaelder@iu-bremen.de] 
> Sent: Friday, March 16, 2007 7:41 AM
> To: Eliot Lear
> Cc: Kaushik Narayan (kaushik); David Harrington; David B. Nelson; isms@ietf.org
> Subject: Re: [Isms] SSHSM RADIUS Integration draft (draft-narayan-isms-sshsm-radius-01.txt) submitted
> 
> On Fri, Mar 16, 2007 at 12:26:08PM +0100, Eliot Lear wrote:
>  
> > And then Dave Harrington responded:
> > 
> > >So far, I have not seen any proposals, either written or just proposed
> > >verbally, that provide a secure transport with all the security
> > >characteristics of USM. A critical feature of USM, not provided by SSH
> > >or TLS or RADIUS proposals so far, is local authentication with NO
> > >ties to a third party authenticator.
> > 
> > Kaushik, Keith and I proposed a method last summer that would have
> > precisely addressed the 2nd sentence in that paragraph.  I believe this
> > leaves David Nelson's question somewhat unanswered.
> 
> Again, is a local password or key pair in the context of SSH not
> exactly addressing the 2nd sentence above, namely "local
> authentication with NO ties to a third party authenticator"? I remain
> in the confused state for now.
> 
> /js
> 
> PS: Our implementation calls out to PAM and it actually does not
>     matter whether you configure radius, something else, or local
>     passwords if you like that.
> 
> -- 
> Juergen Schoenwaelder		 Jacobs University Bremen
> <http://www.eecs.iu-bremen.de/>	 P.O. Box 750 561, 28725 Bremen, Germany
> 


