Re: IESG feedback on core drafts.

To: "Joseph Galbraith" <galb-list%vandyke.com@localhost>
Subject: Re: IESG feedback on core drafts.
From: "Steven M. Bellovin" <smb%research.att.com@localhost>
Date: Sat, 15 Mar 2003 20:16:36 -0500

In message <000501c2e999$29c4d9f0$4d00a8c0%galb.vandyke.com@localhost>, "Joseph Galbraith
" writes:
>Well, I'm not sure if this is what we need or not, but
>here is my first stab--
>
....
>
>Is this what is needed, or am I way off track?
>

Very nice.  There's one more point I want mentioned, aside from
Bill's suggestions:  a caveat about the dangers of using forwarding
(of ports, X11, or the authentication agent) to machines that
aren't trustworthy.  (Some of that should, perhaps, be in -connect
instead, since there's already related text.)

One more thing, and this is probably my own experiences talking:
suggest that implementations provide a simple way for a logged-in
client to retrieve the fingerprint of the host's key, as well as
the stored fingerprint.  Furthermore, this should be done in a
way that's hard for a MITM attacker to spoof.  The idea is that
sometimes, you log in to a new machine -- but then you'd like to
verify that the key you just accepted indeed matches what's stored
on the new machine.  (Ideally, there's be something involving,
say, the Interlock Protocol, but that's a job for a new document,
not for Security Considerations in this one.)

Follow-Ups:
- Re: IESG feedback on core drafts.
  - From: Bill Sommerfeld

References:
- Re: IESG feedback on core drafts.
  - From: Joseph Galbraith

Prev by Date: Re: IESG feedback on core drafts.
Next by Date: Re: IESG feedback on core drafts.
Previous by Thread: Re: IESG feedback on core drafts.
Next by Thread: Re: IESG feedback on core drafts.
Indexes:

Home | Main Index | Thread Index | Old Index