IETF-SSH archive
Public-key subsystem draft submitted
We have submitted the following draft of the "Secure Shell Public-Key Subsystem"
as an individual submission to the Secure Shell Working Group:
http://www.ietf.org/internet-drafts/draft-galb-secsh-publickey-subsystem-00.txt
The public-key subsystem allows clients to upload, list and manage
public keys in an implementation-independent fashion.
This draft is similar to a draft that we submitted in November 2000. At the
time there was a fair amount of interest in the draft, but in general the
consensus seemed to be that this public-key management should be defined as
a subsystem instead of as a channel as it had been in that draft.
We have implemented this subsystem in our products, and we've created a
patch to the OpenSSH distribution that implements it in that server
as well. We've seen a fair amount of interest in this.
Is this something that the working group would be interested in taking up?
I've included the abstract of the draft below.
thanks,
Brent McClure
bdm%vandyke.com@localhost
----
Abstract
SECSH defines an authentication mechanism that is based on public
keys, but does not define any mechanism for key distribution. No
common key management solution exists in current implementations.
This document describes a protocol that can be used to configure
public keys in an implementation-independent fashion, allowing client
software to take on the burden of this configuration.
This protocol is intended to be used from the Secure Shell Connection
Protocol [4] as a subsystem, as described in Section "Starting a
Shell or a Command". The subsystem name used with this protocol is
"publickey%vandyke.com@localhost".
The public-key subsystem provides a server-independent mechanism for
clients to add public keys, remove public keys, and list the current
public keys known by the server. Rights to manage public keys are
specific and limited to the authenticated user.
A public key may also be associated with a mandatory command.