Re: [saag] SSH Protocol Extensions

Nico Williams <nico@cryptonector.com> Wed, 12 August 2015 16:50 UTC

Date: Wed, 12 Aug 2015 11:50:11 -0500
From: Nico Williams <nico@cryptonector.com>
To: saag@ietf.org
Message-ID: <20150812165007.GE3654@localhost>
References: <CAPofZaFwCdNKzM42HJMJzLsx+VSVt07Jp+FHA7rV1g7+X7RNNQ@mail.gmail.com> <55CB2D0F.8000606@restena.lu> <CAPofZaHz6rUE54SOX-sS3VDqtKbdsWifX1iWWqKhySR7rXqdmw@mail.gmail.com> <12386.1439391436@sandelman.ca> <20150812155016.GA24354@localhost> <CAPofZaFxTBJ+fz+n-N09Au_yx_De3pR_JfTdhsBxycW3MnvB8Q@mail.gmail.com> <20150812162214.GS9139@mournblade.imrryr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20150812162214.GS9139@mournblade.imrryr.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/JZ-h0_kYliqHRbbYTXkQvwxaLvA>
Subject: Re: [saag] SSH Protocol Extensions
List-Id: Security Area Advisory Group <saag.ietf.org>

On Wed, Aug 12, 2015 at 04:22:14PM +0000, Viktor Dukhovni wrote:
> On Wed, Aug 12, 2015 at 05:13:02PM +0100, Phil Lello wrote:
> 
> > Admittedly, I'm currently put off by
> > what appears to be a steep learning curve once GSS, RADIUS, et al. come
> > into the mix, but with my 'lazy coder' hat on, it doesn't seem unreasonable
> > that other potential implementers will feel the same.
> 
> Is this confusing implementation with deployment?

I don't see a mention of deployment.  I suspect that Phil wants to
implement from scratch, not use an off-the-shelf implementation.

> Once the platform's GSSAPI library supports ABFAB, it becomes a
> question of deployment, not implementation.

I should note that one should be able to implement and deploy an SSH
client and server that use a system GSS library for some GSS mechanisms,
and a non-system GSS mechanism used directly without reference to any
GSS libraries.  Some SASL and SMB implementations do this sort of thing.

Nico
--
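The mixed arrangement Nico describes above (a system GSS library for some mechanisms, one mechanism linked into the SSH code directly) comes down to routing by mechanism OID. This added example is not code from this thread or from any SSH implementation; it shows the client side of RFC 4462 GSS-API key exchange negotiation, where each mechanism is advertised as a method name of the form base + base64(MD5(DER(mechanism OID))), so the client must recompute names for the OIDs it knows to recognise what the server offered, and then hand the chosen OID to whichever backend owns it. The Kerberos V5 OID is the real one; the second OID, the provider labels and the backend tags are constructed placeholders for illustration.

```python
import base64
import hashlib
from dataclasses import dataclass

# Real mechanism OID (RFC 1964). The second one is a made-up placeholder
# standing in for a mechanism the SSH code implements itself.
KERBEROS_V5_OID = "1.2.840.113554.1.2.2"
BUILTIN_MECH_OID = "1.3.6.1.4.1.99.1.1"  # hypothetical, for illustration only


def encode_oid_der(oid: str) -> bytes:
    """DER-encode a dotted OID: tag 0x06, short-form length, base-128 arcs."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID: {oid}")
    body = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]          # low 7 bits go last
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))  # continuation bit on the rest
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("mechanism OIDs never need long-form lengths here")
    return bytes([0x06, len(body)]) + bytes(body)


def gss_kex_method_name(oid: str, base: str = "gss-group14-sha1-") -> str:
    """RFC 4462 section 2.1 method name for a mechanism OID.

    MD5 is an identifier derivation here, not a security primitive: the
    peer cannot invert it, which is exactly why the client matches by
    recomputing names for known OIDs rather than by parsing the name.
    """
    digest = hashlib.md5(encode_oid_der(oid)).digest()
    return base + base64.b64encode(digest).decode("ascii")


@dataclass(frozen=True)
class MechProvider:
    oid: str
    label: str     # human-readable, constructed
    backend: str   # "system-gssapi" or "builtin", constructed tags


def build_registry(providers):
    """Ordered OID -> provider map; insertion order is client preference."""
    return {p.oid: p for p in providers}


def advertised_kex_methods(registry, base="gss-group14-sha1-"):
    """What a server with this registry would list in its KEXINIT."""
    return [gss_kex_method_name(oid, base) for oid in registry]


def negotiate_gss_kex(client_registry, server_methods, base="gss-group14-sha1-"):
    """Client-side choice per RFC 4253 rules: first client-preferred method
    that the server also listed. Unknown server names are simply skipped.
    Returns (method_name, provider) or None if nothing overlaps."""
    offered = set(server_methods)
    for oid, provider in client_registry.items():
        name = gss_kex_method_name(oid, base)
        if name in offered:
            return name, provider
    return None


if __name__ == "__main__":
    client = build_registry([
        MechProvider(BUILTIN_MECH_OID, "built-in mechanism", "builtin"),
        MechProvider(KERBEROS_V5_OID, "Kerberos V5", "system-gssapi"),
    ])
    # Constructed server KEXINIT list: Kerberos only, plus a name we do not know.
    server = [gss_kex_method_name(KERBEROS_V5_OID), "gss-group14-sha1-AAAAAAAAAAAAAAAAAAAAAA=="]
    choice = negotiate_gss_kex(client, server)
    print(choice[0], "->", choice[1].label, "via", choice[1].backend)
```

The registry is the whole trick: the SSH code never talks to "GSS-API" as one thing, it asks the registry which backend owns the negotiated OID and calls that backend's context functions, so a mechanism with no system library behind it needs no `gss_*` entry points at all.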