IETF-SSH archive


Re: [saag] draft-kwatsen-reverse-ssh submission for review



----- Original Message -----
From: "Kent Watsen" <kwatsen%juniper.net@localhost>
To: "Joe Touch" <touch%isi.edu@localhost>
Cc: <saag%ietf.org@localhost>; <ietf-ssh%NetBSD.org@localhost>
Sent: Friday, May 13, 2011 4:49 AM

> > What's the reason for not solving this by having the client just listen
> > on the SSH server port?
>
> Because then it would be expected to be the SSH server.  As discussed in the
> Introduction, a goal of this draft is to ensure the device is always the SSH
> server and the application is always the SSH client.  We don't want to disturb
> which peer is which as far as the SSH Transport, Authentication, and Connection
> protocols are concerned.
>

I do :-)

SSH does not authenticate the user or the application, it authenticates SSH.

The proper solution is channel binding in which case it does not matter who
is SSH client and who is SSH server, and the existing SSH technology can
be reused unaltered.

Incidentally, I think that this discussion needs a home, be it ietf-ssh or
whatever; having more than one makes a mess of mailing lists.

Tom Petch

>
> Thanks,
> Kent
>
>
>



