Re: secdir review of draft-ietf-secsh-publickey-subsystem-07.txt

To: Sam Weiler <weiler%tislabs.com@localhost>
Subject: Re: secdir review of draft-ietf-secsh-publickey-subsystem-07.txt
From: Jon Bright <jon%siliconcircus.com@localhost>
Date: Thu, 05 Oct 2006 17:38:18 +0200

Hi Sam,

Short replies to your comments below.  Thanks for the review.

Sam Weiler wrote:

Substance:

Section 4.3: Noticing that there's no way to revoke all keys without
explicitly naming them, i'm wondering if it would be wise to say that
implementations SHOULD support the 'list' operation. (Or,alternatively, add a 'revoke all' command.)


I've change the "MAY not..." text to a "SHOULD".

Section 4.1: It's not clear to me whether the "from" list containshostnames, IP addrs, or ...? Perhaps be a bit more specific.

I've added the following text: "For IP-based networks, it is anticipatedthat the "from" parameter will take the form of a specific IP address orhostname."

Section 1 uses a 2119 SHOULD: "If password authentication is used,
servers SHOULD provide a configuration option to disable the use of
password authentication after the first public key is added."  Is that
2119 SHOULD really necessary?

Following the comments from Jeffrey Hutzelman and Sam Hartman, I've notchanged this text.

I was not entirely clear until section 3 that this doc was talking
about USER keys.  Please say that more explicitly in both the abstract
and introduction.

In both the abstract and introduction, I've swapped "...defines anauthentication mechanism..." for "...defines a user authenticationmechanism...".

Throughout, the doc talks about "packets" instead of "messages"
(e.g. in section 3, "the server sends response packets" or in section
3.4, "...the first 15 bytes of the version packet") -- is that really
the appropriate term in this context?


As noted by Jeffrey Hutzelman, it's consistent with SSH terminology.

Section 3.4 mentions that this is version 2 of the protocol.  I'd
appreciate a historical note re: where version 1 is defined or, if itwasn't defined, why we're using version #2.

I've added the following sentence: "Version 1 was used by an early draftof this document. The version number was incremented after changes inthe handling of status packets."

Section 3.1 uses the phrase "...close the subsystem", which seems a
bit unusual.  Is that usage consistent with the rest of the SSH docs?


See Jeffrey Hutzelman's note on this.

--
Jon Bright
Silicon Circus Ltd.
http://www.siliconcircus.com

Follow-Ups:
- Re: secdir review of draft-ietf-secsh-publickey-subsystem-07.txt
  - From: Sam Weiler

Prev by Date: Re: COMMENT: draft-ietf-secsh-publickey-subsystem
Next by Date: IESG comments
Previous by Thread: Re: COMMENT: draft-ietf-secsh-publickey-subsystem
Next by Thread: Re: secdir review of draft-ietf-secsh-publickey-subsystem-07.txt
Indexes:

Home | Main Index | Thread Index | Old Index