IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Draft secsh minutes from IETF61
Send comments/corrections/omissions to me.
Draft minutes from Secure Shell WG meeting at IETF61.
We met for an hour on Tuesday, November 9th, 2004.
We haven't met in about a year, mostly because the core documents have
been delayed by a combination of a busy document editor and a number of
process issues connected to the switch from RFC2026 to RFC3667/3668.
During these offline discussions it became clear that RFC3667 has a
bug in that it does not specify precisely *how* the trademark
references it requires should appear in RFCs. The IESG has asked the
IPR working group to clarify this question, and we are now waiting for
the resolution.
We reviewed a short list of relatively minor issues, mostly
editorial/clarification; perhaps the most significant is that, at the
advice of Sam Hartman (new security AD) we've tentatively decided to
reference the SASL stringprep profile (currently in the RFC editor
queue) for UTF8-encoded login names and passwords (this is believed to
have relatively little or no impact on the deployed base).
The specific issue list and proposed resolutions from the meeting have
already been sent to the WG, and are repeated at the end of this
document.
Once the trademark-reference clarification is resolved we believe the
documents should be ready to finally pass the IESG.
Core Draft Issue summary:
(see https://rt.psg.com, username "ietf", password "ietf" for
read-only access; contact WG chair for read-write access).
ticket 440, 441, 450: close, edits complete.
ticket 453: WG chair to identify stable reference for sshv1
(sent to list recently)
ticket 454: explicitly grandfather 3DES
Editor to insert text equivalent to:
NOTE: There is a known attack on 3-key 3DES involving
2^112 space and 2^56 time; however, for the purposes of this
requirement 3DES is considered to be strong enough.
ticket 461 (implicit server auth):
Editor to dig up clarification from list archives,
insert into document.
ticket 462: different algs in each direction
proposal: allow but discourage; Editor to supply text.
ticket 463: login timeout
proposal: no change to document
rationale:
- 10 minutes is shorter than typical SMTP listener idle timeout
- user interaction is covered in this timeout (entering
passwords, etc.,; as a result there may be accessibility
requirements
for slow typers..)
- implementations will likely have knobs to adjust this
ticket 464: utf8:
utf8 requires input canonicalization; stringprep of usernames
and passwords was previously solved by SASL in
draft-ietf-sasl-saslprep-10.txt (in RFC Editor Queue, EDIT
state)
Rather than reinvent the wheel, just cite it.
ticket 465: close. was request for consulting
ticket 474: x509: remove x509-related text. joe galbraith to supply
followup I-D documenting what they do for x509
ticket 460, 601: no consensus on list.
flipped coin, heads for "group2", tails for "group14",
came up tails
will stick with diffie-hellman-group14-sha1
Home |
Main Index |
Thread Index |
Old Index