IETF Logo Mail Archive

[radext] FW: New Version Notification for draft-vishwakarma-opsawg-ssh-cert-radius-00.txt

"Dev Vishwakarma (dvishwak)" <dvishwak@cisco.com> Tue, 17 November 2020 22:17 UTC

Return-Path: <dvishwak@cisco.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 622663A0D9B; Tue, 17 Nov 2020 14:17:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=M3lkK0hl; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=i57X8Tff
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DebTxrvoGLvT; Tue, 17 Nov 2020 14:17:22 -0800 (PST)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57C003A0D45; Tue, 17 Nov 2020 14:17:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8669; q=dns/txt; s=iport; t=1605651442; x=1606861042; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=DkQMb/N1yZCN9DwssucWdV5QcCp9eFRNwt8V5H4EYB4=; b=M3lkK0hlx6J4IyHWiBqhf387TWN1a1SeLYpltzrorAAZYKwdZLxlsRzZ F3uIzJNi3J+vKgA7FAqSUYxLPzBaOKtTsm7y5L98RPMx3Iozw7lIEAl+N 5q2QmGCq4QCEdNtO0sRmd/4keJzB9VoVDibUr8emr2i0/qPaR1dbxtqWD U=;
X-IPAS-Result: A0BgBwAuS7RffYgNJK1iHQEBAQEJARIBBQUBQIFPgSMvUXtZLy4KhhKBaQONWpQUhHCCUwNUCwEBAQ0BASUIAgQBAYMVgTUCgiICJTgTAgMBAQEDAgMBAQEBBQEBAQIBBgQUAQGGPAyFcgEBAQEDEi4BATUCAQ8CAQgRAwECLzIbAQEFAwIEDgUIGoMFgX5XAy4BDqNcAoE8iGh0gTSDBAEBBYE3Ag5Bgn4YghAJgTiCc4pNG4FBP4FUgk8+gl0BAQIBAYFDGh4NEYMMgiyQdYoTJ50ICoJtiRGSKoMZgSqIbJIWgjSeUpVXAgQCBAUCDgEBBYFrITmBIHAVGoMKCUcXAg2OHzeDOoUUhUR0AjUCBgoBAQMJfIw7AYEQAQE
IronPort-PHdr: 9a23:tSFsIxLDNs2X1Eqf2dmcpTVXNCE6p7X5OBIU4ZM7irVIN76u5InmIFeGvK8/jVLVU8Pc8f0Xw+bVsqW1X2sG7N7BtX0Za5VDWlcDjtlehA0vBsOJSCiZZP7nZiA3BoJOAVli+XzoMEVJFoD5fVKB6nG35CQZTxP4Mwc9L+/pG4nU2sKw0e36+5DabwhSwjSnZrYnJxStpgKXvc4T0oY=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.77,486,1596499200"; d="scan'208,217";a="611389050"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 17 Nov 2020 22:17:21 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 0AHMHLqt008701 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 17 Nov 2020 22:17:21 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 17 Nov 2020 16:17:20 -0600
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 17 Nov 2020 16:17:20 -0600
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 17 Nov 2020 17:17:19 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EhDOgrBuNSZ/1CYqIcw2cZ1R+2DURdvN0dVhi89ygJc+VH37U9+w1PbulvzWFoW1qzbhZZRuIx6IZIcIhU6+3wJhz8hVTz7ZWJ+gbRptOZ068CdqZTbcimROvZgOeX7QMFx6JI53HjeEUVmPB6ZtgwlJs4JXm2pB8rJ29uxcKlSQ69GrnyqOXI2XXyXWPE1tBoLjX6P177EGYJAkKEe9+XVQ2BlWEcquMGiQkX4FjZT4mbFGqdQDmY3aDi0EusHxiM/64uRuAUySWA7c7xG4eBtt+XyrHK0EmNQ8Nt3r89SgaD6y3Czdb1Ucmq53rAZo5mF2MZx5PNYKduixrVCGGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EDzI1zc/V74nyPG8XGHYyS+tXmcilQLkuiTN/4jSfnY=; b=LI16G8xB4vAd3o52V7M0TmHv+3ck+HhuZELPbH9B61UStHIerisY+4Kh7DyDkmIsrAiTHoXUS3lv65TN6VerY0c++qXaghlsH1EjsjxshC/tZFnp0XnE0F/7gOCiFJ3rtmxbuI2NVNR7wl2FApponlHZYzQOsm4hqZ0F1YJ1RHeuUkXX2TzCI1TSzTHX9iGazwt6Thwsq293Z08LPYTvCogX5Xwbat7tWpVXudgSdaAsYm9dAyzAA7NYCkwTW613KHLKZ/41zYXSeyGDKAte+fv5eqcIHDPvLJmdEECClImFBPd+8u5UxfkyGMjyav3w60CMzpEJamw33jWXrncWVA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EDzI1zc/V74nyPG8XGHYyS+tXmcilQLkuiTN/4jSfnY=; b=i57X8TffWrdCPUPt/GHqfEwbo8bNJ6rVjUEyLBJRIgPJPUp/IzjRF8b+qI3jhOdAJjfYNJ2uumscE/p/0MUr1xJ2ofWUnryjTn1irvxgUU2zdhXFOHifQbSMDhE+yHOnVSZ/7KeZS3t1F08hxS0jQlDf8iPq2VbsNOokVBbGCyA=
Received: from BN8PR11MB3570.namprd11.prod.outlook.com (2603:10b6:408:90::21) by BN7PR11MB2612.namprd11.prod.outlook.com (2603:10b6:406:b4::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.28; Tue, 17 Nov 2020 22:17:15 +0000
Received: from BN8PR11MB3570.namprd11.prod.outlook.com ([fe80::d14b:a720:1529:fa8f]) by BN8PR11MB3570.namprd11.prod.outlook.com ([fe80::d14b:a720:1529:fa8f%7]) with mapi id 15.20.3541.028; Tue, 17 Nov 2020 22:17:15 +0000
From: "Dev Vishwakarma (dvishwak)" <dvishwak@cisco.com>
To: opsawg <opsawg@ietf.org>
CC: "radext@ietf.org" <radext@ietf.org>
Thread-Topic: New Version Notification for draft-vishwakarma-opsawg-ssh-cert-radius-00.txt
Thread-Index: AQHWvSu4G8TWBDPQMUW3SWMBn6/Wb6nM4jA2
Date: Tue, 17 Nov 2020 22:17:15 +0000
Message-ID: <BN8PR11MB35704F4EA2F0FA2E6D07A9ADDDE20@BN8PR11MB3570.namprd11.prod.outlook.com>
References: <160564982230.24525.10556561672632547682@ietfa.amsl.com>
In-Reply-To: <160564982230.24525.10556561672632547682@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [173.38.117.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c5ca940a-6c74-46ed-f960-08d88b468a68
x-ms-traffictypediagnostic: BN7PR11MB2612:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BN7PR11MB26124E693E9B6336335B79C0DDE20@BN7PR11MB2612.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Nx0Ktc1ad8SR2uXyicuTCLZ8v5NofArrWREBV6eUtceUqF3cEUJ2gnFS8PLftZdLNzSM2U/tX0yQI17juZwb1BOaQi/Ee479ADewjXNQCnB+VVbIZipSHPb3n2J2BFpUfLDAFXoroXcAWIIyHSWkoeA3EAwZqceXBUqNEdVRjiY2FynMKPJvxJM5WLU0WrX9eyS9H5vRygegP6cT/GlXdFbYSmVyMETkqRyQ67FYE3nNVq01vrVJ6YHLenA4wDvhXr6frrUnJ+jRTeKYsMYZSk5O60dIeAIQc8mqSc1qJ4pUjV4G7yFe9F3HHzPJeIb0OZXD1arlAKP8lh8ZLTT4IbhBecPdBlebwXQs7totqTME3C/A866Gb5a/d4lNZgMmrssVyS9qEvkq67KOmfkO6A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN8PR11MB3570.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(346002)(396003)(39860400002)(136003)(366004)(966005)(478600001)(55016002)(66574015)(186003)(53546011)(6506007)(9686003)(83380400001)(7696005)(316002)(15650500001)(2906002)(33656002)(4001150100001)(26005)(8676002)(4326008)(86362001)(8936002)(52536014)(66476007)(64756008)(66446008)(66556008)(5660300002)(71200400001)(166002)(76116006)(66946007)(91956017)(6916009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: hJmgIPaWxMaZDJaucOXN35bPicALGDJ5xoRsfZ29g3bfspeiDB44MPa85vBMErWEbh6tbYOwXOFIG8zcnm5cuagUN+jkAd5vitvjzSepa4nHyvT3BqLEhAVZwRmxhGeD0ZJbn+iFWOoQ/G0knXAyJ2lRXjLxrOz+5jsfsgtuZqUuf42P36K7R9B2gMTFNLriXT9fpu+BAYWSxgoRKynypIMUMZW3dESOKI8p52rDABxi989CdyQQaY7rDZFCu9WrT+700AA4tiLBXres3o+1E9TMr6k3ZMeiONrXKWmePZ5M2EdfXnfGVfuwXSEMrvTrS7jXO9A9s1q4JsSaOMryGe9410E0vVfY17OOo3x1Ke3mWFi+dbgQjkhVnjZSfu43BiscWkCSfaltOjz2cssTofx5eAf7MnJjf6SNqd0NCcTvendITWBogaTgjjl+mO3636uzVwzqSHjYugi2g3GfB9QfowGWyFc6jSOJYeSp7T+T9tbcCnhgC6tEwh5fBpuu949vni+PRmqe4bF8ri+7id9f50ME8OFkRbC+F/kfH+tLByFlYhvjhHTS6Te6eZNitcx7Nld6KRG4mIvTeYmDkA3VmOX2oc7gZ1omCaNThceGNPZsz+8G39CTHWHJz3vXVf7m84FuRtO6RDGdtCub0V5jC4qRLBZgowGhvS5rCwlUFIbXYoDd64UW5lzy8zvo9XFFcybmx7zldITy6F3vxcr0rlOZzxST8uih5QL4MHTCEOgf4TWf8iRNs3AGoVsMJdZjuatgdTXnWNHhvoKsvPXtlBWzQNvQ8ne/p5MQ3F+BE+vrfr0+dyTHT7uOzaobl/8HV4sUHK67lD9eK084icYjfhBh1GG6MXv5QLF1UElGJKkao0fb1n5FGw15gh5UGJCo50MdP30oiKXfTVa/+g==
Content-Type: multipart/alternative; boundary="_000_BN8PR11MB35704F4EA2F0FA2E6D07A9ADDDE20BN8PR11MB3570namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN8PR11MB3570.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c5ca940a-6c74-46ed-f960-08d88b468a68
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Nov 2020 22:17:15.5943 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: VEZtOKhfHcLGK/hKVhJqleW/csQ9x9t1YfbRmhZqhWYyYS8ePqWpxBhLZXCXpCBkq5qIawkDulTvtnaHjoqkEA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2612
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.13, xch-rcd-003.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/wbb8joO1U_Lu-CSFxa0Hv6vNtXg>
Subject: [radext] FW: New Version Notification for draft-vishwakarma-opsawg-ssh-cert-radius-00.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2020 22:17:24 -0000

Hi all,

We have submitted draft that has mechanism for certificate based authentication using RADIUS. Please review and provide your comments.

Thanks,
Dev Vishwakarma

From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Tuesday, November 17, 2020 at 4:50 PM
To: Vivek Agarwal (vivagarw) <vivagarw@cisco.com>, Dev Vishwakarma (dvishwak) <dvishwak@cisco.com>, Prakash Suthar <psuthar@google.com>, Anil Jangam (anjangam) <anjangam@cisco.com>, Prakash Suthar <psuthar@google.com>
Subject: New Version Notification for draft-vishwakarma-opsawg-ssh-cert-radius-00.txt

A new version of I-D, draft-vishwakarma-opsawg-ssh-cert-radius-00.txt
has been successfully submitted by Devendra Vishwakarma and posted to the
IETF repository.

Name:           draft-vishwakarma-opsawg-ssh-cert-radius
Revision:       00
Title:          RADIUS Extension for Certificate-based SSH Authentication
Document date:  2020-11-15
Group:          Individual Submission
Pages:          15
URL:            https://www.ietf.org/archive/id/draft-vishwakarma-opsawg-ssh-cert-radius-00.txt
Status:         https://datatracker.ietf.org/doc/draft-vishwakarma-opsawg-ssh-cert-radius/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-vishwakarma-opsawg-ssh-cert-radius
Htmlized:       https://tools.ietf.org/html/draft-vishwakarma-opsawg-ssh-cert-radius-00


Abstract:
   A scalable and centralized mechanism is required for a certificate-
   based administrative access to multitude of virtualized and physical
   network functions.  While there are mechanisms that exist today to
   provide secure administrative command-line and API-based access,
   there are certain management and maintenance overheads as well as
   certain scalability challenges related to it.  In this draft we
   discuss these challenges and propose a standardized, centralized
   server-based mechanism to authenticate a user over an SSH session
   using its client certificate.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

v2.23.0 | Report a Bug | By Email