draft-ietf-secsh-gsskeyex-06.txt security considerations

To: ietf-ssh%netbsd.org@localhost
Subject: draft-ietf-secsh-gsskeyex-06.txt security considerations
From: "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>
Date: Mon, 14 Jul 2003 11:52:52 -0400

I'd like to propose adding the following text to
draft-ietf-secsh-gsskeyex-06.txt after the end of the paragraph in the
security considerations section that starts with ``The key exchange
method described in section 1'':

   However, the security of the key exchange does not require that the
   GSSAPI mechanism provide any replay detection.

I also notice that the key exchange mechanism is actually discussed in
section 2 and not section 1.

And it seems somewhat asymetrical that security considerations talks
about the required properties of a GSSAPI mechanism used for key
exchange, but says nothing about user authentication.

However, it also might be cleaner, if some security considerations are
sprinkled throughout the document, to move all security considerations
to the body of the document.

Follow-Ups:
- Re: draft-ietf-secsh-gsskeyex-06.txt security considerations
  - From: Nicolas Williams

Prev by Date: Re: Why SFTP performance sucks, and how to fix it
Next by Date: Re: draft-ietf-secsh-gsskeyex-06.txt security considerations
Previous by Thread: Publickey subsystem draft posted
Next by Thread: Re: draft-ietf-secsh-gsskeyex-06.txt security considerations
Indexes:

Home | Main Index | Thread Index | Old Index