IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt



On Wed, Aug 13, 2003 at 11:20:55AM -0700, Joseph Salowey wrote:
> > I don't think explicitly specifying port 22 in all cases
> > where the URL doesn't specify a port number is correct; what
> > about SRV DNS records?
> [Joe] So the suggestion would be something like:
> 
> If the URL doesn't specify a port number the it should check for a SRV
> DNS record if it is available, if it is not then it should use port 22.

Then you need to describe this in detail (e.g., SRV RR naming).  And the
fact that DNS is often deployed in insecure configurations is definitely
something to point out in the security considerations section - that is,
if the SRV lookup cannot be done securely then 22 should be used, IMO.

Cheers,

Nico
-- 



Home | Main Index | Thread Index | Old Index