IETF-SSH archive


Draft secsh minutes from IETF61



Send comments/corrections/omissions to me.

Draft minutes from Secure Shell WG meeting at IETF61.

We met for an hour on Tuesday, November 9th, 2004.

We haven't met in about a year, mostly because the core documents have
been delayed by a combination of a busy document editor and a number of
process issues connected to the switch from RFC2026 to RFC3667/3668.

During these offline discussions it became clear that RFC3667 has a
bug in that it does not specify precisely *how* the trademark
references it requires should appear in RFCs.  The IESG has asked the
IPR working group to clarify this question, and we are now waiting for
the resolution.

We reviewed a short list of relatively minor issues, mostly
editorial/clarification; perhaps the most significant is that, at the
advice of Sam Hartman (new security AD) we've tentatively decided to
reference the SASL stringprep profile (currently in the RFC editor
queue) for UTF8-encoded login names and passwords (this is believed to
have relatively little or no impact on the deployed base).

The specific issue list and proposed resolutions from the meeting have
already been sent to the WG, and are repeated at the end of this
document.

Once the trademark-reference clarification is resolved we believe the
documents should be ready to finally pass the IESG.

Core Draft Issue summary:
	(see https://rt.psg.com, username "ietf", password "ietf" for
	read-only access; contact WG chair for read-write access).

ticket 440, 441, 450: close, edits complete.

ticket 453: WG chair to identify stable reference for sshv1
        (sent to list recently)

ticket 454: explicitly grandfather 3DES
        Editor to insert text equivalent to:

        NOTE: There is a known attack on 3-key 3DES involving
        2^112 space and 2^56 time; however, for the purposes of this
        requirement 3DES is considered to be strong enough.

ticket 461 (implicit server auth):
        Editor to dig up clarification from list archives,
        insert into document.

ticket 462: different algs in each direction
        proposal: allow but discourage; Editor to supply text.

ticket 463: login timeout
        proposal: no change to document

        rationale:
        - 10 minutes is shorter than typical SMTP listener idle timeout
        - user interaction is covered in this timeout (entering
          passwords, etc.; as a result there may be accessibility
          requirements for slow typers)
        - implementations will likely have knobs to adjust this

ticket 464: utf8:
        utf8 requires input canonicalization; stringprep of usernames
        and passwords was previously solved by SASL in
        draft-ietf-sasl-saslprep-10.txt (in RFC Editor Queue, EDIT
        state)

        Rather than reinvent the wheel, just cite it.
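The canonicalization the WG agreed to cite, the SASLprep profile, as an added example that is not part of the minutes or of any SSH implementation; it builds on the stringprep tables in Python's standard library, and the names saslprep and rejects are chosen here. It shows why a server should compare prepared forms: visually identical login names with different code points become the same string, and control or mixed-direction input is refused rather than silently accepted.

```python
import stringprep
import unicodedata

# Prohibited-output tables for SASLprep (RFC 4013 section 2.3).
_PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21, stringprep.in_table_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)


def saslprep(s: str, allow_unassigned: bool = False) -> str:
    """Canonicalize a username or password; raises ValueError on prohibited input."""
    # Step 1, mapping: non-ASCII spaces (C.1.2) become U+0020; "map to
    # nothing" characters (B.1: soft hyphen, zero-width joiner, ...) go away.
    mapped = []
    for ch in s:
        if stringprep.in_table_c12(ch):
            mapped.append(" ")
        elif not stringprep.in_table_b1(ch):
            mapped.append(ch)
    # Step 2, normalization: NFKC folds compatibility forms, e.g.
    # U+2168 ROMAN NUMERAL NINE to "IX" and fullwidth letters to ASCII.
    out = unicodedata.normalize("NFKC", "".join(mapped))
    # Step 3, prohibited output: controls, private use, surrogates, etc.
    for ch in out:
        if any(check(ch) for check in _PROHIBITED):
            raise ValueError(f"prohibited character U+{ord(ch):04X}")
        if not allow_unassigned and stringprep.in_table_a1(ch):
            raise ValueError(f"unassigned code point U+{ord(ch):04X}")
    # Step 4, bidi (RFC 3454 section 6): right-to-left (D.1) and
    # left-to-right (D.2) characters must not mix, and an RTL string
    # must start and end with an RTL character.
    if any(stringprep.in_table_d1(ch) for ch in out):
        if any(stringprep.in_table_d2(ch) for ch in out):
            raise ValueError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError("right-to-left string must start and end with RTL")
    return out


def rejects(s: str) -> bool:
    """True when SASLprep refuses the string (used by the checks below)."""
    try:
        saslprep(s)
    except ValueError:
        return True
    return False
```

The inputs exercised in the checks follow the worked examples in RFC 4013 section 3: a soft hyphen is dropped, a no-break space becomes a plain space, and a lone ASCII control or an Arabic letter followed by a digit is rejected.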

ticket 465: close.  Was a request for consulting.

ticket 474: x509: remove x509-related text.  Joe Galbraith to supply
        followup I-D documenting what they do for x509

ticket 460, 601:  no consensus on list.
        flipped coin, heads for "group2", tails for "group14",
        came up tails

        will stick with diffie-hellman-group14-sha1
