RE: FW: SCP/SFTP/SSH URI Format Draft Update

To: <sommerfeld%sun.com@localhost>
Subject: RE: FW: SCP/SFTP/SSH URI Format Draft Update
From: "Joseph Salowey" <jsalowey%cisco.com@localhost>
Date: Mon, 17 Nov 2003 11:00:20 -0800

> [oops, you just sent in the draft.  murphy's law in action..]
> 
> [WG chair hat off]
> 
> Nit:
> 
>    The URIs for SFTP and SCP are hierarcical URIs where each 
> component  
> 
> I think you mean "hierarchical".
> 
> Content:
> 
>    The fingerprint MAY be used to validate the 
>    authenticity of the host key if the URL was obtained from an 
>    authenticated source with its integrity protected.  
> 
> awkward wording.  how about:
> 
>    The fingerprint MAY be used to validate the authenticity of the
>    host key if the URL was obtained from a trusted source.  
> 
> Yes, "trusted" is overloaded.  The text as written would 
> disallow an embedded system from using the fingerprint part 
> of a URI if it was, for example, burned into a boot image..
>  

[Joe] OK, makes sense.

  
> This one I'm taking issue with:
> 
>    There MUST be only one fingerprint parameter per host-key-alg for a
>    given URL. 
> 
> I'm sure there's a good reason for this restriction, but I 
> don't see it offhand.  Seems like having multiple 
> fingerprints would allow for graceful host-key rollover...
> 
[Joe] I'm not sure we had a good reason to limit it. At least I can't
think of one now.  Unless someone has an objection I think we can allow
this.

> 					- Bill
>

Follow-Ups:
- Re: FW: SCP/SFTP/SSH URI Format Draft Update
  - From: Steve Suehring

References:
- Re: FW: SCP/SFTP/SSH URI Format Draft Update
  - From: Bill Sommerfeld

Prev by Date: Re: sftp-server
Next by Date: Clarification regarding x-authentication
Previous by Thread: Re: FW: SCP/SFTP/SSH URI Format Draft Update
Next by Thread: Re: FW: SCP/SFTP/SSH URI Format Draft Update
Indexes:

Home | Main Index | Thread Index | Old Index