IETF-SSH archive


IESG comments



Hi,

I've sent individual mails to Lisa Dusseault and Sam Weiler regarding their comments. Since I don't have addresses for the other people who commented, I'm covering them here.

Lars Eggert:

3.1 para 8 : This is covered in RFC4254.

3.4 para 1 : I've clarified the text to "Both sides MUST start a connection..."

4.3 para 4 : critical isn't reported because some servers (indeed, I believe most/all current implementations?) may choose not to store that information. The security properties of "critical" are checked at the time of the add.

6.2.1 para 2 : Fixed

Cullen Jennings:

In order to be able to add the public key, the user has to have started the subsystem, which implies that the SSH connection protocol is running, which implies that the user has authenticated themselves to the server. This is equivalent to the various manual methods of adding keys to the server for authentication.

Dan Romascanu:

I don't believe the document describes anything which requires a deployment strategy. There should be no interactions with other subsystems. No effects on other applications or the network are anticipated. Monitoring and management would probably be covered by any monitoring and management for the SSH server itself. In other words, if an operational considerations section were added, it would be short.

--
Jon Bright
Silicon Circus Ltd.
http://www.siliconcircus.com


