IETF-SSH archive


Re: WG Last Call (third time's the charm?) for SSH core drafts



>> Based on recent traffic I think we might have one outstanding issue,
>> to do with SSH_MSG_USERAUTH_PASSWD_CHANGEREQ. Currently the text allows
>> the client to ignore the message and assume SUCCESS (at least that is how
>> I read it).  
>
>I don't read it that way -- the current text is just plain silent
>about both client and server behavior should the client not send a
>password change request.
>
>I assume the proposed fix is to say something like:
>
>	server MAY send an error message and drop the connection if
>	client fails to send a password change request.

I could live with that, but I would change the MAY to a SHOULD (I think
the final outcome is pretty much the same, but it is more of a hint as to where the
burden of responsibility should be).  Compare this to telnet: if you
have to change your password, you probably can't get past giving a good
new password.

Actually, it might even be better to have it as a MUST, since not doing
so allows for the potential of a client/server pair that can bypass admin
policy, and we shouldn't really encourage that.

I'm okay with the server ignoring the client sending PASSWD_CHANGEREQ
messages.

--
Darren J Moffat
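Added example (not code from this thread, the draft, or any SSH implementation): a server-side state machine for the strict (MUST) reading argued above, in Python. Message numbers and field layouts follow the userauth draft as later published in RFC 4252 (the "password" method with its change flag, SSH_MSG_USERAUTH_PASSWD_CHANGEREQ) and RFC 4253 (SSH_MSG_DISCONNECT and its reason codes); the account table, the new-password policy, and the single pending-change flag are assumptions made for illustration. A client that answers CHANGEREQ with an ordinary password request is dropped rather than given SUCCESS, a rejected new password is re-prompted, and a CHANGEREQ arriving from the client is simply ignored.

```python
"""Server-side handling of SSH_MSG_USERAUTH_PASSWD_CHANGEREQ.

Added example; not from the thread or any SSH implementation.  Message
numbers and field layouts follow the userauth draft as later published in
RFC 4252 (password method, section 8) and RFC 4253 (SSH_MSG_DISCONNECT).
The account table, the password policy and the one-flag state machine are
assumptions made for illustration.
"""
import struct

SSH_MSG_DISCONNECT = 1
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_USERAUTH_PASSWD_CHANGEREQ = 60
SSH_DISCONNECT_BY_APPLICATION = 11  # RFC 4253 reason code (choice is ours)


def put_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def get_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def build_password_request(user, password, new_password=None) -> bytes:
    """Client side: SSH_MSG_USERAUTH_REQUEST, method "password".
    With new_password set, the boolean is TRUE and both passwords follow."""
    msg = (bytes([SSH_MSG_USERAUTH_REQUEST]) + put_string(user.encode())
           + put_string(b"ssh-connection") + put_string(b"password"))
    if new_password is None:
        return msg + b"\x00" + put_string(password.encode())
    return (msg + b"\x01" + put_string(password.encode())
            + put_string(new_password.encode()))


def parse_userauth_request(msg: bytes) -> dict:
    """Server side: decode user, service, method and the password fields."""
    if msg[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    user, off = get_string(msg, 1)
    service, off = get_string(msg, off)
    method, off = get_string(msg, off)
    req = {"user": user.decode(), "service": service.decode(),
           "method": method.decode(), "change": False}
    if method == b"password":
        req["change"] = msg[off] != 0          # the boolean change flag
        pw, off = get_string(msg, off + 1)
        req["password"] = pw.decode()
        if req["change"]:
            newpw, off = get_string(msg, off)
            req["new_password"] = newpw.decode()
    return req


def changereq(prompt: str) -> bytes:
    # string prompt, string language tag (empty)
    return (bytes([SSH_MSG_USERAUTH_PASSWD_CHANGEREQ])
            + put_string(prompt.encode()) + put_string(b""))


def failure() -> bytes:
    # name-list of methods that can continue, boolean partial success
    return bytes([SSH_MSG_USERAUTH_FAILURE]) + put_string(b"password") + b"\x00"


def disconnect(description: str) -> bytes:
    return (bytes([SSH_MSG_DISCONNECT])
            + struct.pack(">I", SSH_DISCONNECT_BY_APPLICATION)
            + put_string(description.encode()) + put_string(b""))


def acceptable_new_password(new: str, old: str) -> bool:
    """Illustrative local policy (assumption): minimum length, not reused."""
    return len(new) >= 8 and new != old


class PasswordAuthServer:
    """Remembers whether a CHANGEREQ was sent and not yet honoured."""

    def __init__(self, accounts: dict):
        self.accounts = accounts      # user -> {"password": str, "must_change": bool}
        self.change_pending = False
        self.disconnected = False

    def handle(self, msg: bytes):
        if self.disconnected:
            raise RuntimeError("connection already dropped")
        if msg[0] == SSH_MSG_USERAUTH_PASSWD_CHANGEREQ:
            return None   # server-to-client only; a client sending it is ignored
        req = parse_userauth_request(msg)
        acct = self.accounts.get(req["user"])
        if (req["method"] != "password" or acct is None
                or acct["password"] != req["password"]):
            return failure()   # wrong (old) password: ordinary FAILURE
        if self.change_pending and not req["change"]:
            # Client answered CHANGEREQ with a plain password request, i.e.
            # ignored the change demand.  MUST reading: never SUCCESS here.
            self.disconnected = True
            return disconnect("password change required")
        if req["change"]:
            if not acceptable_new_password(req["new_password"], req["password"]):
                self.change_pending = True
                return changereq("New password rejected by policy; choose another")
            acct["password"] = req["new_password"]
            acct["must_change"] = False
            self.change_pending = False
            return bytes([SSH_MSG_USERAUTH_SUCCESS])
        if acct["must_change"]:
            self.change_pending = True
            return changereq("Your password has expired; enter a new one")
        return bytes([SSH_MSG_USERAUTH_SUCCESS])
```

Feed `handle()` the bytes a client would send; it returns the server's reply (or None for an ignored client-side CHANGEREQ). Changing the disconnect branch to return `failure()` instead gives the weaker SHOULD/MAY behaviour, but in no variant does a client that skips the change get SUCCESS, which is the point of the proposed wording.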
