IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: IESG feedback on core drafts.
In message <000501c2e999$29c4d9f0$4d00a8c0%galb.vandyke.com@localhost>, "Joseph Galbraith
" writes:
>Well, I'm not sure if this is what we need or not, but
>here is my first stab--
>
....
>
>Is this what is needed, or am I way off track?
>
Very nice. There's one more point I want mentioned, aside from
Bill's suggestions: a caveat about the dangers of using forwarding
(of ports, X11, or the authentication agent) to machines that
aren't trustworthy. (Some of that should, perhaps, be in -connect
instead, since there's already related text.)
One more thing, and this is probably my own experiences talking:
suggest that implementations provide a simple way for a logged-in
client to retrieve the fingerprint of the host's key, as well as
the stored fingerprint. Furthermore, this should be done in a
way that's hard for a MITM attacker to spoof. The idea is that
sometimes, you log in to a new machine -- but then you'd like to
verify that the key you just accepted indeed matches what's stored
on the new machine. (Ideally, there's be something involving,
say, the Interlock Protocol, but that's a job for a new document,
not for Security Considerations in this one.)
Home |
Main Index |
Thread Index |
Old Index