New Proposal for Section 11.2.3 Local Security Policy

To: ietf-ssh%netbsd.org@localhost
Subject: New Proposal for Section 11.2.3 Local Security Policy
From: Chris Lonvick <clonvick%cisco.com@localhost>
Date: Wed, 14 May 2003 13:49:58 -0700 (PDT)

Hi,

Continuing on with Section 11.2.3.  Please comment.

Thanks,
Chris

=====================================================================

11.2.3 Local Security Policy

   Implementer MUST ensure that the credentials provided validate the
   professed user and also MUST ensure that the local policy of the
   server permits the user the access requested.  In particular,
   because of the flexible nature of the SSH connection protocol, it may
   not be possible to determine the local security policy, if any, that
   should apply at the time of authentication because the kind of service
   being requested is not clear at that instant. For example, local
   policy might allow a user to access files on the server, but not start
   an interactive shell. However, during the authentication protocol, it
   is not known whether the user will be accessing files or attempting to
   use an interactive shell, or even both.  In any event, where local
   security policy for the server host exists, it MUST be applied and
   enforced correctly.

   Implementors are encouraged to provide a default local policy and
   make its parameters known to administrators and users.  At the
   discretion of the implementors, this default policy may be along the
   lines of 'anything goes' where there are no restrictions placed upon
   users, or it may be along the lines of 'excessively restrictive' in
   which case the administrators will have to actively make changes to
   this policy to meet their needs.  Alternatively, it may be some
   attempt at providing something practical and immediately useful to the
   administrators of the system so they don't have to put in much effort
   to get SSH working.  Whatever choice is made MUST be applied and
   enforced as required above.

---Notes---

[Nico:  What if no policy is available?

---Joseph---vv
Then there is nothing to enforce?

   ---Nico---vv
   The implementation MUST provide a default policy, either the "null"
   policy (anything goes) or a highly restrictive policy (the client can
   establish an SSHv2 connection but do nothing with it other than close
   it :).
   ---Nico---^^

Perhaps we should say,
  In any event, where local security policy for the server host exists,
  it MUST be applied and enforced correctly.

and sprinkle a few 'if any' around judiciously.
---Joseph---^^

---Nico---vv
Sure.
---Nico---^^

---Ran---vv
Those proposed edits seem reasonable to me.
---Ran---^^

Follow-Ups:
- New Proposal for Section 11.1.3 Replay
  - From: Chris Lonvick

References:
- Re: Comments on the reviesed Security Section open issues.
  - From: Heikki Nousiainen

Prev by Date: New Proposal for Section 11.3.3 X11 Forwarding
Next by Date: New Proposal for Section 11.1.3 Replay
Previous by Thread: Re: Comments on the reviesed Security Section open issues.
Next by Thread: New Proposal for Section 11.1.3 Replay
Indexes:

Home | Main Index | Thread Index | Old Index