Re: draft-ietf-secsh-gss-keyex and null host keys

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: draft-ietf-secsh-gss-keyex and null host keys
From: Bill Sommerfeld <sommerfeld%sun.com@localhost>
Date: Mon, 11 Apr 2005 20:49:08 -0400

On Mon, 2005-04-11 at 14:47, Jeffrey Hutzelman wrote:
> On Thursday, March 31, 2005 02:51:21 PM -0500 Jeffrey Hutzelman 
> <jhutz%cmu.edu@localhost> wrote:
> 
> > I'm adding the following text to the next version of the draft:
> 
> Well, there's been some discussion on this issue, and I can't add any text 
> without a consensus.  Bill?

i'm not sure we have consensus but don't let that stop you from
resurrecting the draft.  wg last call is when consensus really matters
and I may be the outlyer here.

we have a conflict between:
 1) the true paranoids who exchange server keys or key hashes out of
band.
vs
 2) the average guy who "just says yes".

(and complicating #1 is the interaction with the SSH DNS fingerprint
document, because that *is* a way of securely exchanging the
fingerprints out of band, at least if dnssec is turned on...)

						- Bill

Follow-Ups:
- Re: draft-ietf-secsh-gss-keyex and null host keys
  - From: Sam Hartman

References:
- Re: draft-ietf-secsh-gss-keyex and null host keys
  - From: Jeffrey Hutzelman
- Re: draft-ietf-secsh-gss-keyex and null host keys
  - From: Jeffrey Hutzelman

Prev by Date: Re: draft-ietf-secsh-gss-keyex and null host keys
Next by Date: Re: draft-ietf-secsh-gss-keyex and null host keys
Previous by Thread: Re: draft-ietf-secsh-gss-keyex and null host keys
Next by Thread: Re: draft-ietf-secsh-gss-keyex and null host keys
Indexes:

Home | Main Index | Thread Index | Old Index