Re: Ambiguities in section 3.1 of the keyboard-interactive draft

[pgut001%cs.auckland.ac.nz@localhost (Peter Gutmann)]

Martin Forssen <maf%appgate.com@localhost> writes:

>It is very true that the draft assumes that. A fair indicator is that the
>name contains the word "interactive".

I just assumed that was historical baggage, and because draft-ietf-secsh-auth-
everything-imaginable-except-password-and-publickey.txt would be too long for
the IETF drafts directory.  In any case the proper title is actually "Generic
Message Exchange Authentication", which is a more accurate description of how
it's being used.

>My rationale when starting to do this was that I had a new authentication
>token (cryptocard) which I wanted to use but I realized that I would have to
>upgrade all my clients to add support for it. And when another token came out
>I would have to upgrade again. I wanted to design a protocol so we could add
>new authentication methods without having to modify the installed client
>base.

Fair enough.  Since it's now being used as a kitchen-sink authentication
mechanism though, it would be good to at least have an implementation-
considerations section on non-interactive auth, warning implementors that (for
example) unless they absolutely know there'll always be a real user at the
other end, they should be careful to avoid creating things that require humans
in the loop.  SSH is being used in all sorts of embedded devices and whatnot
where there's no user to handle arbitrary requests, without appropriate
cautions people may be shipping systems that break in this environment when a
small amount of forethought could prevent this.

Peter.