IETF-SSH archive


Re: draft-ietf-secsh-gss-keyex and null host keys



On Mon, 2005-04-11 at 14:47, Jeffrey Hutzelman wrote:
> On Thursday, March 31, 2005 02:51:21 PM -0500 Jeffrey Hutzelman 
> <jhutz%cmu.edu@localhost> wrote:
> 
> > I'm adding the following text to the next version of the draft:
> 
> Well, there's been some discussion on this issue, and I can't add any text 
> without a consensus.  Bill?

i'm not sure we have consensus but don't let that stop you from
resurrecting the draft.  wg last call is when consensus really matters
and I may be the outlier here.

we have a conflict between:
 1) the true paranoids who exchange server keys or key hashes out of
band.
vs
 2) the average guy who "just says yes".

(and complicating #1 is the interaction with the SSH DNS fingerprint
document, because that *is* a way of securely exchanging the
fingerprints out of band, at least if dnssec is turned on...)

						- Bill




