IETF-SSH archive


Re: Implicit server authentication: Proposed clarification



nisse%lysator.liu.se@localhost (Niels Möller) writes:

>Peter complained earlier about the chattiness of the userauth protocol, but
>it doesn't have to be chatty. The client can send a password or public
>userauth key + signature immediately after the SERVICE_REQUEST packet,
>perhaps in the same IP packet. That way, one can connect and login using a
>fairly small number of roundtrips, which I believe was one of the original
>design goals.

That was my concern: you can save 1 RTT by bundling the service request with
the userauth, so you've already sent the password before you get a reply to
the service request confirming the correct crypto/MAC keys.

>So I propose the following change to the final paragraph of section 6, Key
>Exchange:

Looks good, it'll clear up the ambiguity in the current text.  One small
comment, it may be worth adding a note to the effect that "Clients concerned
about potential exposure of sensitive data MAY choose to wait until they
receive and verify the service-request response from the server to verify that
client and server share the same encryption and MAC keys before sending
further messages", not so much because it's a critical security item but to
let readers know that the issue has been considered during the protocol design
process and isn't regarded as a serious problem.

Peter.
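
Added example, not part of the original message or of the SSH drafts: a toy model of the two client policies discussed above, pipelining the userauth request behind the service request versus waiting to verify the service-request response first. The framing is an assumption made for illustration (HMAC-SHA256 over a sequence number and payload, one key for both directions, no encryption), and the function names are hypothetical.

```python
import hashlib
import hmac
import os

# SSH message numbers from the transport and userauth protocols.
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_SERVICE_ACCEPT = 6
SSH_MSG_USERAUTH_REQUEST = 50


def seal(mac_key, seq, payload):
    """Toy packet: payload followed by an HMAC over sequence number and payload."""
    tag = hmac.new(mac_key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return payload + tag


def open_packet(mac_key, seq, packet):
    """Return the payload if the MAC verifies under mac_key, else None."""
    payload, tag = packet[:-32], packet[-32:]
    good = hmac.new(mac_key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None


def server_reply(server_key, seq, packet):
    """Hypothetical peer: answers the service request only if it holds the same key."""
    if open_packet(server_key, seq, packet) is None:
        return os.urandom(33)  # a peer without the key cannot produce a valid reply
    return seal(server_key, seq, bytes([SSH_MSG_SERVICE_ACCEPT]) + b"ssh-userauth")


def client_login(client_key, server_key, wait_for_accept):
    """Return (message numbers the client put on the wire, keys confirmed?)."""
    userauth = bytes([SSH_MSG_USERAUTH_REQUEST]) + b"<credentials>"
    wire = [seal(client_key, 0, bytes([SSH_MSG_SERVICE_REQUEST]) + b"ssh-userauth")]
    if not wait_for_accept:
        # Pipelined: userauth leaves in the same flight, before any reply is seen.
        wire.append(seal(client_key, 1, userauth))
    reply = open_packet(client_key, 0, server_reply(server_key, 0, wire[0]))
    confirmed = reply is not None and reply[0] == SSH_MSG_SERVICE_ACCEPT
    if wait_for_accept and confirmed:
        # Conservative: credentials are sent only after the reply's MAC verified.
        wire.append(seal(client_key, 1, userauth))
    return [packet[0] for packet in wire], confirmed
```

When the two sides hold different keys, the waiting client stops after the service request, while the pipelined client has already emitted its userauth request by the time the mismatch shows up.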


