IETF-SSH archive

Re: WG Last Call on draft-ietf-secsh-publickey-subsystem-02



>> [various minor criticisms of publickey-subsystem-02]
> [replies]

Looks good; see my comments on publickey-subsystem-03 for more.

>> There also is no provision for cases such as imposing certain hosts'
>> presence or absence in (say) the "agent" list.
> I presume you mean the "from" list?

I actually meant the agent list, but it was just an example; similar
remarks apply to the from list.

> For presence, I again don't see the case where an admin wants this.

Neither do I, but I'm not confident there are none.

I suppose, though, that anyone who has such desires will probably be
ready to ignore anything in the spec that seems to forbid that.

>> In 5.2.1, there is a restriction in that the length limit applies
>> even to domain-localized names.  This seems semi-broken, since FQDNs
>> can be relatively long (though 64 seems generous now, I have little
>> confidence it will remain so - I already have a private name 43
>> characters long).
> You also have one 22 characters long, though
> (rodents.montreal.qc.ca).

By "private name" I meant a domain-localized name.  The longest name I
have in use is fixed-forwarded-tcpip@rodents.montreal.qc.ca, which is
44 characters long (43 was probably a mistake on my part).

64 is probably safe for the foreseeable future, though I am put in mind
of etdomenenavnkanmaksimaltinneholdesekstitrebokstaversliksomdette.com
(which is already 67 characters long).  While its holder(s) probably
aren't working on ssh, and obviously chose the name for its length
(given the meaning), it's still already over the limit.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


