IETF-SSH archive


draft minutes from IETF57 secure shell meeting.



Send comments/corrections/etc to me by next week..

					- Bill

Secure Shell WG Meeting - IETF 57 - 7/16/2003

Chair: Bill Sommerfeld

Summary of IETF57 Secure Shell WG meeting.

The actual meeting was short, consisting largely of document status
updates.  Attendance was very light.  There was brief discussion of
open issues with several of the documents.  One document is now in the
IESG's hands: draft-ietf-secsh-dns-04.txt (SSH key fingerprints in
DNS).  The core draft update to resolve IESG issues missed publication
deadline for this meeting, but editing is now done and the documents
should reappear shortly.  This will hopefully break the logjam and get
the rest of the documents moving.

There are few open issues at present -- mostly editorial nits.

Starting with this IETF, the AD has requested that I list the actions
expected before the next IETF meeting (November 9-14, 2003, in
Minneapolis).

Expected within next month:			  [responsible party]
	Creation of issue tracking database for the WG.	 [chair]

	core drafts reissued with revised sec-cons	 [moffat]

	draft-ietf-secsh-dh-group-exchange-04.txt	 [provos/friedl]
		reissued with nit fixed		         [provos/friedl]
		to AD for IETF-wide Last Call		 [chair]

	core drafts back to IESG review.		 [chair]
	
	Completion of WG last call period on
		draft-ietf-secsh-gsskeyex-06.txt	 [jhutz]
		draft-ietf-secsh-auth-kbdinteract-05.txt [cusack/forssen]

Expected before next IETF:

	Reissue of extensions drafts with WG chair's nits fixed, and
	run WG last call:

		draft-ietf-secsh-break-00.txt		 [galbraith/remaker]
		draft-ietf-secsh-filexfer-04.txt	 [galbraith]	
		draft-ietf-secsh-fingerprint-01.txt	 [friedl]
		draft-ietf-secsh-publickeyfile-03.txt	 [galbraith]

	Discussion and resolution of technical issues with extension drafts:

		draft-ietf-secsh-agent-01		 [lehtinen]

			Issue: moving keys to root agent vs. moving
			requests to keys.

		draft-ietf-secsh-newmodes-00.txt 	 [kohno]

			Issue: Tweak/prune algorithm list?


	Discussion of whether to accept individual submissions as WG items:

		draft-galb-secsh-publickey-subsystem-01.txt [mcclure]

Detailed minutes:

WG Chair Bill Sommerfeld opened the meeting with the traditional agenda
bashing/blue sheet dispersal.

Bill said that he sent a flurry of email out last night, saying that
he believes most of the documents are ready for the IESG.

General items:

	- WG Chair was busy since the last IETF.
	- Chair would like to use an issue tracking system (if anyone has
	  preferences, let him know) 
	[Subsequent to this, we adopted RT, at rt.psg.com]
	- Flurry of notes last night included various nits.

Recent active discussions

	- File Transfer Performance (mostly resolved)
	  - Pipelining the requests
	  - Use large channel windows

	- GSS Key Exchange Nits
	  - Comments from the document author? (none)

General nits for all drafts:

	- References split (normative/nonnormative)
	  - Claim is that this helps documents move faster once they leave
	    the IESG (this helps out RFC editor).

	- Security considerations section
	  - Looks REALLY lame if the security area forgets that
	  - IESG has gotten really picky lately.

	- IANA Considerations sections

	- ID Nits - see ID-Nits web page

	- IPR references if made need to follow 2026
	  - IETF does not make judgements on IPR claims
	  - BAD: There is a patent/trademark
	  - GOOD: "There may be IPR claims"

Core Drafts:

	- Bounced from IESG for security considerations work

	- Revised sections drafted and last-called

	- Just missed deadline for this IETF (DSL failure delayed them)

	- All five sent out late Monday
	  (one bounced, will be resent)

	- One more nit found (X11 cookies)

	- Will be sent to IESG once remaining items are cleaned up.

draft-ietf-secsh-dns-04.txt

	- Survived IETF-wide Last Call

	- Stuck somewhere in IESG - unjammed by AD

Other extensions drafts revised to fix nits:

	Keyboard-interactive
	- Now has a security-considerations section
	- Started WGLC last night

	GSSAPI - Started WGLC

	DH Group Exchange
	- Lost somewhere in the wash before last IETF
	- Needed references split, done by authors

Still in need of revisions:

	Public key file format - missing security considerations

	SSH Fingerprint Format

	Agent Forwarding - Should be implementable, and the usual nits

	File Transfer - Usual nits, and vaguer IPR text

Issue tracking:

	Several systems out there being used successfully:

	- Bugzilla (Chair believes that is too complex)
	- RT (run by Randy Bush)
	- Roundup
	  - Seems to use terminology that matches IETF process, might be
	    worth a closer look

	Strong options/preferences, please notify WG chair.

	Jeff Hutzelman: Noted that KRB-WG tried to use RT for issue
	tracking, and we fell flat on our face.  Needs strong direction
	from WG leadership

	Sam H: Note that if your process is already working, an issue tracker
	may slow you down.

	Paul Hoffman: In IPsec, one person controls the issue tracker,
	instead of document authors, and it works well.

	Bill notes that part of the motivation is to give him a list of
	things to bug document authors.

New modes/transport fixes:

	- draft-ietf-secsh-newmodes-00.txt

	- Submitted by Tadayoshi Kohno (tkohno%cs.ucsd.edu@localhost)

	- Usual nits, needs a respin

	- Opinions of working group: Should we go this way? (lots of
	  algorithms versus few).  WG members should send comments
	  to the list.

	Jeff Hutzelman notes that a lot of algorithms are recommended:
	do we really need all of them?

GSSAPI:

	Document author thinks it's done, so WGLC has been started.

	Significant keyex discussion (claimed problems with gss-keyex
	negotiation and keyex and in general).

	Jeff H: Admits that he's been lame and hasn't followed the
	discussion.

	Bill: Sounds like a task for Jeff for next time.

File Transfer:

	Significant discussion of performance problems; seems like that's
	been resolved, so this is getting close.

Agent forwarding:

	If you do agent forwarding to a remote host, it pushes the long-term
	public key to the remote system.  Draft is silent on this issue.
	Bill says at the very least the draft should talk about this
	issue.

"Please send draft":

	X509/PKIX support: Steve Hanna
	Line mode - Thor Simon
	Performance analysis - Bill Squier

With no further comments, Bill closed the meeting.


