IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IESG feedback on core drafts.



RJ Atkinson <rja%extremenetworks.com@localhost> wrote:

> Generally speaking, the goal of the Security Considerations section
> ought to be to:
[...]
>     - leave the reader of the document with a clear and accurate
>       understanding of what the deployment risks are, so that
>       an operator/user can make an informed decision about
>       whether to deploy/use the technology in the RFC

Quite so. And hence, if PK authentication is a useful means of
mitigating host key risks in some but not all situations, it seems
important to the reader's clear and accurate understanding that they
should be aware of which situations are which.

Cheers,
Simon
-- 
Simon Tatham         "I'm cross. I'm going to have a tantrum.
<anakin%pobox.com@localhost>    <pause> How do I start?"            - my uncle



Home | Main Index | Thread Index | Old Index