IETF-SSH archive
Re: AD Review for draft-ietf-secsh-publickey-subsystem
Sam Hartman wrote:
> 1) There is no definition of the public key algorithms or the public
> key blobs. Please clearly reference what the contents of the public key
> blob should be.
Opening of section 2: "The format of public-key blobs are detailed in
the SSH Transport Protocol document [2].". Is this not sufficient, or
had you overlooked it?
> 2) The abstract cannot contain references.
I've moved the paragraph starting "This protocol is intended to be used
from the Secure Shell Connection Protocol.." out of the Abstract and
into Introduction.
> There needs to be a
> terminology section with the standard RFC 2119 language if you are
> going to use 2119 keywords.
Added between Introduction and Overview.
> id-nits (check
> http://tools.ietf.org/wg/secsh ) claims there are missing
> references.
Fixed by updating to the RFCs which obsoleted the referenced RFCs.
> 3) What check must a server apply for the from hosts? Is that an IP
> address/reverse DNS check? Is the server expected to use
> cryptographic information when available (host keys)? Presumably not,
> but you should say this.
That's really platform-dependent. I've added the following text: "The
server should use whatever method is appropriate for its platform to
identify the host - e.g. for IP-based networks, checking the IP address
or performing a reverse DNS lookup."
> 4) 64-chars seems too short for local names. A DNS domain name can be
> much longer than that.
This was discussed previously in the WG. The requirement is that way
because the requirement in ssh-arch is the same:
"In this protocol, all algorithm and method identifiers MUST be
printable US-ASCII, non-empty strings no longer than 64 characters.
Names MUST be case-sensitive."
> 5) Please use RFC 3066 for language tags.
As above, updated to 1766.
--
Jon Bright
Silicon Circus Ltd.
http://www.siliconcircus.com