IETF-SSH archive
Re: FW: SCP/SFTP/SSH URI Format Draft Update
[oops, you just sent in the draft. murphy's law in action..]
[WG chair hat off]
Nit:
> The URIs for SFTP and SCP are hierarcical URIs where each component
I think you mean "hierarchical".
Content:
> The fingerprint MAY be used to validate the
> authenticity of the host key if the URL was obtained from an
> authenticated source with its integrity protected.
awkward wording. how about:
The fingerprint MAY be used to validate the authenticity of the
host key if the URL was obtained from a trusted source.
Yes, "trusted" is overloaded. The text as written would disallow an
embedded system from using the fingerprint part of a URI if it was,
for example, burned into a boot image..
This one I'm taking issue with:
> There MUST be only one fingerprint parameter per host-key-alg for a
> given URL.
I'm sure there's a good reason for this restriction, but I don't see
it offhand. Seems like having multiple fingerprints would allow for
graceful host-key rollover...
- Bill
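
The rollover point raised in the message, as an added example that is not part of the original message or the draft: a client-side check that pins a host key against the fingerprint parameters of a URI, with the one-per-algorithm rule as a switch. The parameter syntax (`;fingerprint=<host-key-alg>-<dashed hex>`, parameters separated by `,`), the function names and the sample fingerprints are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed syntax (not shown in the message above):
#   ssh://user;fingerprint=<host-key-alg>-<xx-xx-...>@host
# parameters separated by ",", fingerprint as 16 or more dashed hex bytes.
_FP = re.compile(r"^(?P<alg>[a-z0-9@.\-]+?)-(?P<hex>[0-9a-f]{2}(?:-[0-9a-f]{2}){15,})$")

def parse_fingerprints(uri):
    """Return [(host_key_alg, fingerprint), ...] from the URI's userinfo."""
    userinfo = urlsplit(uri).netloc.rpartition("@")[0]
    _user, _, params = userinfo.partition(";")
    pins = []
    for param in filter(None, params.split(",")):
        name, _, value = param.partition("=")
        if name.lower() != "fingerprint":
            continue
        m = _FP.match(value.lower())
        if m is None:
            raise ValueError("malformed fingerprint parameter: %r" % value)
        pins.append((m.group("alg"), m.group("hex")))
    return pins

def check_host_key(uri, presented_alg, presented_fp, allow_multiple):
    """Compare the server's key fingerprint with the URI's pins.

    Returns "no-pin" (fall back to normal host key checking),
    "match" or "mismatch". With allow_multiple=False the draft's
    one-fingerprint-per-algorithm rule is enforced.
    """
    wanted = presented_fp.lower().replace(":", "-")
    pins = [fp for alg, fp in parse_fingerprints(uri) if alg == presented_alg]
    if not pins:
        return "no-pin"
    if len(pins) > 1 and not allow_multiple:
        raise ValueError("more than one fingerprint for " + presented_alg)
    return "match" if wanted in pins else "mismatch"

# Constructed sample fingerprints: an outgoing key and its replacement.
OLD_FP = "0a-1b-2c-3d-4e-5f-60-71-82-93-a4-b5-c6-d7-e8-f9"
NEW_FP = "f9-e8-d7-c6-b5-a4-93-82-71-60-5f-4e-3d-2c-1b-0a"
SINGLE_URI = "ssh://user;fingerprint=ssh-rsa-" + OLD_FP + "@host.example.com"
ROLLOVER_URI = ("ssh://user;fingerprint=ssh-rsa-" + OLD_FP +
                ",fingerprint=ssh-rsa-" + NEW_FP + "@host.example.com")

if __name__ == "__main__":
    # After the server switches keys, only the two-pin URI still validates.
    print(check_host_key(SINGLE_URI, "ssh-rsa", NEW_FP, allow_multiple=False))
    print(check_host_key(ROLLOVER_URI, "ssh-rsa", NEW_FP, allow_multiple=True))
```

With a single pin, every distributed URI has to be reissued at the moment the host key changes; with two pins, the old and new keys both validate during the transition.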