Re: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
Sam Hartman <hartmans-ietf@mit.edu> Wed, 19 October 2005 09:23 UTC
To: "David T. Perkins" <dperkins@dsperkins.com>
Subject: Re: [Isms] #8: Do we need a mapping between the SSH key and SNMPengineID?
References: <Pine.LNX.4.10.10510171005010.9177-100000@shell4.bayarea.net>
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Wed, 19 Oct 2005 05:23:53 -0400
In-Reply-To: <Pine.LNX.4.10.10510171005010.9177-100000@shell4.bayarea.net> (David T. Perkins's message of "Mon, 17 Oct 2005 12:36:48 -0700 (PDT)")

>>>>> "David" == David T Perkins <dperkins@dsperkins.com> writes:

David> 3) In SSH, a server is identified by a transport address
David> (SSH experts jump in if I've used the incorrect
David> terminology)

I'm not sure that the ssh protocol documents specify how servers are named. I think this may be a local matter. It sounds from the architecture document like servers are typically named by hostname, but many implementations also name servers by IP address. I'd appreciate a more specific citation to a claim that servers are identified by transport address.

David> and is authenticated via use of a public key
David> pair (RSA or DSA). (from draft-ietf-secsh-transport-24.txt
David> and draft-ietf-secsh-architecture-22.txt)

And is often authenticated by a public key. There is already another standards track mechanism for authenticating servers: draft-ietf-secsh-gssapi-keyex, which like the core ssh documents is waiting in the rfc-editor queue. Other mechanisms are possible.

From this I conclude that anything in SSHSM that depends on the particular way servers are authenticated will limit the applicability of SSHSM. It may be appropriate (and possibly even necessary) to define ways of managing certain information based on particular authentication methods. It is desirable to avoid depending on particular authentication methods and is probably desirable to be conservative in accepting authentication method information that may not be available from some authentication methods into architectural elements in SSHSM or TMSM.

David> 4) In SSH, a client is identified by a "user name" (from
David> draft-ietf-secsh-userauth-27.txt, section 5) and is
David> authenticated via a mechanism identified by a "method
David> name". The typical ones are "publickey" and "password" (see
David> draft-ietf-secsh-assignednumbers-12.txt, section 4.8)

A client is authenticated by zero or more methods. Methods are in fact named.

--Sam