RE: Formal consultation prior to closing the secsh working group

To: "Sam Hartman" <hartmans-ietf%mit.edu@localhost>, <ietf-ssh%netbsd.org@localhost>
Subject: RE: Formal consultation prior to closing the secsh working group
From: "Richard Whalen" <Whalenr%process.com@localhost>
Date: Mon, 31 Jul 2006 09:16:38 -0400

> -----Original Message-----
> From: ietf-ssh-owner%NetBSD.org@localhost [mailto:ietf-ssh-owner%NetBSD.org@localhost]On
> Behalf Of Sam Hartman
> Sent: Saturday, July 29, 2006 7:15 PM
> To: ietf-ssh%netbsd.org@localhost
> Cc: housley%vigilsec.com@localhost
> Subject: Formal consultation prior to closing the secsh working group
> 
:  
> 
> I'm very concerned about the filexfer draft.  It is well on the way to
> becoming a filesystem, not just an ftp-like protocol.  I am concerned
> that we don't have enough reviewers to manage the complexity of the
> draft and to force us to make hard decisions about what features we
> really need.  Instead, we're close to including everything.  I have
> received several private comments to this effect.  I am not sure that
> we have the skill set necessary to design and review a filesystem
> document and I think that is what filexfer is becoming.

The Filexfer draft was never a ftp-like protocol.  It was originally a
file access protocol that was missing a text access method.  After the
text access method got added it has moved towards becoming a file system
protocol.

I feel that the filexfer draft has grown so much that many don't have
the resources to implement the current drafts, hence many implementations
are still a few versions back.

I feel that there is a significant need for the technology though and
would like to see a protocol for the transfer of file data over SSH
standardized.  Secsh may not be the right place for this.  SSH may be
well enough established that people can think of it as a transport and
that the proper protocol can be developed in the applications area.

I would also like to see the Publickey Subsystem standardized, because
I believe that there is a need for it, though fewer people realize it
because the process of setting up authorization keys is done infrequently.
Perhaps its need will become more evident when the security experts
start enforcing the idea that such keys should have expiration dates.


----------------
Richard Whalen
Process Software

Follow-Ups:
- Re: Formal consultation prior to closing the secsh working group
  - From: Nicolas Williams

Prev by Date: Re: Formal consultation prior to closing the secsh working group
Next by Date: Re: Formal consultation prior to closing the secsh working group
Previous by Thread: Re: Formal consultation prior to closing the secsh working group
Next by Thread: Re: Formal consultation prior to closing the secsh working group
Indexes:

Home | Main Index | Thread Index | Old Index