IETF-SSH archive


Re: draft-ietf-secsh-gss-keyex and null host keys



On Tue, 2005-04-12 at 10:38, Sam Hartman wrote:
> >>>>> "Bill" == Bill Sommerfeld <sommerfeld%sun.com@localhost> writes:
> 
>     Bill> (and complicating #1 is the interaction with the SSH DNS
>     Bill> fingerprint document, because that *is* a way of securely
>     Bill> exchanging the fingerprints out of band, at least if dnssec
>     Bill> is turned on...)
> 
> I'd argue that gss-authenticated keys are out-of-band in the same
> sense that the dns document is.  The signed key is exchanged by a
> mechanism that does not depend on that key being a trust anchor for
> the security of the exchange.  I.E. in one case my trust anchor is
> some DNS related key, in another case it is a Kerberos key or some
> other GSS credential

if there are multiple potential sources for a given host's key, they
could disagree.

at the very least we need to provide a clue to implementors for what to
do in the event of a disagreement between allegedly-authoritative
sources of information on the host-to-host-key binding.

						- Bill








