IETF-SSH archive
IESG feedback on core drafts.
Some time ago I mentioned that the core drafts were being held up due
to concerns about the security considerations section.
I've just gotten feedback from Steve Bellovin (security co-AD).
He states that in his opinion, the security consideration section is
inadequate and should be rewritten along the lines described in
draft-iab-sec-cons-03.txt including:
".. a discussion of the limitations of the protocol, the
countermeasures, and the residual vulnerabilities. Looking just
at the architecture document, it says (in that section) nothing
about the risks from users accepting unknown host keys. The
information is present in diffuse form in 3.1, but it isn't
spelled out clearly in one spot. A possible countermeasure would
be some way for a logged-in user to then verify the fingerprint,
in a way that a clever mitm proxy would find hard to
mimic. Similarly, the draft says little about the security of the
endpoint being important. It's not any one thing; it's that I'd
really like SEC-area documents to be better than average, and this
isn't up to the standards that I, at least, have been demanding of
documents from other areas."
WG members interested in forward progress of the core drafts should
take the time to read draft-iab-sec-cons-03 and send suggested text to
the list.
- Bill