Re: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt

To: Joseph Salowey <jsalowey%cisco.com@localhost>
Subject: Re: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt
From: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Date: Wed, 13 Aug 2003 14:35:18 -0700

On Wed, Aug 13, 2003 at 11:20:55AM -0700, Joseph Salowey wrote:
> > I don't think explicitly specifying port 22 in all cases
> > where the URL doesn't specify a port number is correct; what
> > about SRV DNS records?
> [Joe] So the suggestion would be something like:
> 
> If the URL doesn't specify a port number the it should check for a SRV
> DNS record if it is available, if it is not then it should use port 22.

Then you need to describe this in detail (e.g., SRV RR naming).  And the
fact that DNS is often deployed in insecure configurations is definitely
something to point out in the security considerations section - that is,
if the SRV lookup cannot be done securely then 22 should be used, IMO.

Cheers,

Nico
--

Follow-Ups:
- Re: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt
  - From: Joel N. Weber II

References:
- Re: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt
  - From: Joel N. Weber II
- RE: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt
  - From: Joseph Salowey

Prev by Date: Re: Please publish attached draft-ietf-secsh-break-01
Next by Date: Re: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt
Previous by Thread: RE: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt
Next by Thread: Re: I-D ACTION:draft-ietf-secsh-scp-sftp-ssh-uri-00.txt
Indexes:

Home | Main Index | Thread Index | Old Index