IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

draft-ietf-secsh-gsskeyex-06.txt security considerations



I'd like to propose adding the following text to
draft-ietf-secsh-gsskeyex-06.txt after the end of the paragraph in the
security considerations section that starts with ``The key exchange
method described in section 1'':

   However, the security of the key exchange does not require that the
   GSSAPI mechanism provide any replay detection.

I also notice that the key exchange mechanism is actually discussed in
section 2 and not section 1.

And it seems somewhat asymetrical that security considerations talks
about the required properties of a GSSAPI mechanism used for key
exchange, but says nothing about user authentication.

However, it also might be cleaner, if some security considerations are
sprinkled throughout the document, to move all security considerations
to the body of the document.



Home | Main Index | Thread Index | Old Index