Nicolas Williams | 3 Dec 23:18 2002

Language negotiation clarification requested

The draft-ietf-secsh-transport-15.txt document is under-specified with
respect to how languages are to be negotiated (or even what they are
negotiated for).

I propose a few clarifications:

 - The default language for messages that have missing optional language
   tags should be taken to be the primary language negotiated for the
   direction of the message or, if none was agreed, the first language
   in the sender's language support list.

 - Language tag negotiation during key exchange should be done in such a
   manner that exact matches are preferred, followed by matches by
   language tag prefix (language tags have a primary tag and optional
   sub-tags; "en-GB" has a primary tag "en" and a sub-tag "GB").  Other
   algorithms are possible, but only one should be specified and allowed.

   That is, if one side speaks only "en-GB" and the other only "en-US"
   then the agreed upon language should be "en" and one side should
   treat "en" as an alias of "en-GB" and the other as an alias of
   "en-US" (because, Churchill's witty remark(s) to the contrary
   notwithstanding, the two are close enough for our purposes :)

   The exact algorithm by which a single language set is derived from
   two languages_client_to_server or two languages_server_to_client
   values should be specified because there's currently no other
   way for each side to determine the other's view of the end result of
   language negotiation.  Alternatively the language negotiation should
   be extended with additional messages.  Either way, at the end of the
   negotiation both sides have to agree exactly on negotiated languages
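
The matching rule proposed in the message above (exact match first, then match by tag prefix), as an added example that is not part of the original message or of any SSH draft. The function names, the use of client preference order to break ties, and the "longest shared run of sub-tags" reading of prefix matching are assumptions.

```python
def _parts(tag):
    # RFC 3066 tags are compared case-insensitively, sub-tag by sub-tag.
    return tag.lower().split("-")


def negotiate(client_langs, server_langs):
    """Derive one agreed tag from the two name-lists both sides have seen.

    Deterministic, so each side computes the same answer independently.
    Returns None when the lists share not even a primary tag.
    """
    # Pass 1: exact match, client preference order (assumed tie-break).
    server_set = {s.lower() for s in server_langs}
    for c in client_langs:
        if c.lower() in server_set:
            return c
    # Pass 2: longest shared run of leading sub-tags; first pair found wins.
    best = []
    for c in client_langs:
        for s in server_langs:
            cp, sp = _parts(c), _parts(s)
            n = 0
            while n < min(len(cp), len(sp)) and cp[n] == sp[n]:
                n += 1
            if n > len(best):
                best = c.split("-")[:n]
    return "-".join(best) if best else None


def local_alias(agreed, own_langs):
    """Map the agreed tag back to the tag this side really speaks."""
    if agreed is None:
        return None
    ap = _parts(agreed)
    for own in own_langs:
        if _parts(own)[:len(ap)] == ap:
            return own
    return None


def default_language(agreed, sender_langs):
    """Language assumed for a message whose optional tag is missing."""
    if agreed is not None:
        return agreed
    return sender_langs[0] if sender_langs else None


if __name__ == "__main__":
    agreed = negotiate(["en-GB"], ["en-US"])  # constructed sample lists
    print(agreed, local_alias(agreed, ["en-GB"]), local_alias(agreed, ["en-US"]))
```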

Paul Swartz | 3 Dec 23:26 2002

SSH2 server/client supporting PGP keys?

I sent this originally to c.s.ssh, but I thought 
I'd try here too.
The SSH2 spec supports PGP keys in OpenPGP format 
for host keys and for user authentication. I plan 
on adding support for this to my SSH2 server and 
client and was wondering if there are other 
servers and clients that support this that I could 
test against? 
-p
-- 
     Paul Swartz
(o_  http://twistedmatrix.com/users/z3p.twistd/
//\  z3p <at> twistedmatrix.com
V_/_ AIM: Z3Penguin

Bill Sommerfeld | 3 Dec 23:57 2002

Re: Language negotiation clarification requested

the core drafts are currently "frozen" except for process nits.

i'm taking this as yet another "defer until we come back to draft
standard" issue.

					- Bill

Chris Newman | 4 Dec 01:22 2002

Re: Language negotiation clarification requested

begin quotation by Nicolas Williams on 2002/12/3 14:18 -0800:
> Additionally, the SSHv2 drafts should reference RFC3066, not RFC1766
> (the former obsoletes the latter).

begin quotation by Bill Sommerfeld on 2002/12/3 17:57 -0500:

> the core drafts are currently "frozen" except for process nits.
>
> i'm taking this as yet another "defer until we come back to draft
> standard" issue.

A normative reference to an obsolete RFC is a process nit.  If the ADs 
notice, they will tell you to update the reference before publication 
(although fixing it in RFC editor 48-hour last call is probably fine).

The other points are valid, but I concur with the decision to defer them.

                - Chris

Richard Whalen | 4 Dec 15:09 2002

RE: New draft-draft of sftp...

I don't recall seeing any discussion on the proposed "file is hidden" flag.

I have no problems with it, though it will not be used in a VMS
implementation.

No problems with the rest of the changes below either.

-----Original Message-----
From: Joseph Galbraith [mailto:galb-list <at> vandyke.com]
Sent: Monday, November 25, 2002 4:40 PM
To: ietf-ssh <at> netbsd.org
Subject: New draft-draft of sftp...

Greetings,

Here is a new draft-draft of the sftp draft.

Changes are a little bit more extensive than
I remembered at the meeting:

o Copied more NFS to clarify ACLs and reserved
  identifiers for the ACL who field.  Thanks
  Richard.

  (I may need to do one more round of this--
  in the context of normative vs. non-normative,
  I would prefer our NFS references to be non-normative,
  which means we have to include sufficient
  information to stand alone.  Probably a good
  idea anyway.)

Nicolas Williams | 5 Dec 00:48 2002

Connectathon 2003 reminder

[Reminder: The early registration for Connectathon closes at the end of
           this month.]

Get ready for Connectathon 2003!  The 17th annual interoperability
testing event for engineers only will be held Feb. 27-March 6, 2003 in
San Jose, California.  For the past 2 years, Connectathon booth space
has sold out!  Get your registration forms and fees in early and take
advantage of registration discounts available through December 31st.

Connectathon, sponsored by Sun Microsystems, Inc., hosts over 50
companies annually in an effort to test and debug source code which
utilizes the following technologies and protocols:

NFS versions 2, 3 and 4
NFS over RDMA
NFSv4 replication and migration
Lock Manager
Kerberos
Automounter
IPv6
IPsec
NDMP
Mobile IPv6
Secure Shell
CIFS

Based on demand, we are also considering offering:
Diameter/AAA
SCTP
LDAP

Bill Sommerfeld | 6 Dec 03:31 2002

Re: SSH2 server/client supporting PGP keys?

> I sent this originally to c.s.ssh, but I thought 
> I'd try here too.
> The SSH2 spec supports PGP keys in OpenPGP format 
> for host keys and for user authentication. I plan 
> on adding support for this to my SSH2 server and 
> client and was wondering if there are other 
> servers and clients that support this that I could 
> test against? 

I'm personally unaware of any implementation which does this but i'm
not omniscient.  (this isn't fatal at proposed standard status).

If you find the spec ambiguous/underspecified, you owe us an I-D
fleshing out the details ;-)

					- Bill

Richard Silverman | 6 Dec 05:26 2002

Re: SSH2 server/client supporting PGP keys?

On Thu, 5 Dec 2002, Bill Sommerfeld wrote:

> > I sent this originally to c.s.ssh, but I thought
> > I'd try here too.
> > The SSH2 spec supports PGP keys in OpenPGP format
> > for host keys and for user authentication. I plan
> > on adding support for this to my SSH2 server and
> > client and was wondering if there are other
> > servers and clients that support this that I could
> > test against?
>
> I'm personally unaware of any implementation which does this but i'm
> not omniscient.  (this isn't fatal at proposed standard status)...

The ssh.com Unix implementation can use OpenPGP keys for public-key
authentication.

-- 
  Richard Silverman
  slade <at> shore.net

Bill Sommerfeld | 6 Dec 05:28 2002

Re: New draft-draft of sftp...

> There are certainly undeniable reasons why client-side globbing
> causes problems. Unfortunately, I consider this to be an undeniable
> reason why server-side globbing can _also_ cause problems. Where
> does that leave us? On the one hand, we have potentially inaccurate
> results; on the other, we have a potential security hazard (although
> as far as I know I'm the only SCP implementor who considers it
> remotely important). 

(WG chair hat off)

yes, I agree that seems like something to worry about.

Trusting that the server won't feed you bogus pathnames as the result
of a glob request seems unwise.

					  - Bill
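
A client-side check for the concern raised in the message above: names a server returns for a glob request are accepted only if the requested pattern could have produced them. This is an added example, not part of the original message or of any SFTP/SCP implementation; the function names and the sample reply are constructed, and both the pattern and the returned names are assumed to be relative to the directory the client asked about.

```python
import fnmatch


def name_matches_request(pattern, name):
    """True only if `name` is something the requested glob could produce."""
    if not name or "\x00" in name or name.startswith("/"):
        return False
    pat_parts = pattern.split("/")
    name_parts = name.split("/")
    # A glob never adds or removes directory levels: compare level by level.
    if len(pat_parts) != len(name_parts):
        return False
    for pat, part in zip(pat_parts, name_parts):
        if part in ("", ".", ".."):
            return False
        # Shell globs do not match a leading dot unless the pattern has one.
        if part.startswith(".") and not pat.startswith("."):
            return False
        if not fnmatch.fnmatchcase(part, pat):
            return False
    return True


def vet_glob_results(pattern, returned):
    """Split the server's reply into (accepted, rejected) names."""
    accepted, rejected = [], []
    for name in returned:
        ok = name_matches_request(pattern, name)
        (accepted if ok else rejected).append(name)
    return accepted, rejected


# Constructed reply to a request for "*.txt"; not captured from a real server.
SAMPLE_REPLY = [
    "notes.txt",
    "../.ssh/authorized_keys",
    "/etc/passwd",
    ".bashrc",
    "sub/evil.txt",
    "report.txt",
    "a.txt\x00.sh",
]

if __name__ == "__main__":
    ok, bad = vet_glob_results("*.txt", SAMPLE_REPLY)
    print("accepted:", ok)
    print("rejected:", [repr(n) for n in bad])
```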


Scientific communication to the Internet and Information Society community

Spanish version first, Portuguese version next,
English version at the end.
----------------------------------------------------------------------

Scientific communication to the Internet community and to the
Information Society community.
La Sociedad Digital – www.sociedaddigital.org /
www.asociedadedigital.org

The purpose of this communication is to inform the Internet community
and the Information Society community of the developments of recent
months in the La Sociedad Digital Project.

La Sociedad Digital is a project open to the Internet and Information
Society community, mainly within the Ibero-American sphere but not
restricted exclusively to it. It involves the creation of the first
space of convergence for Spanish- and Portuguese-speaking specialists,
in the form of an Information Society Portal (www.sociedaddigital.org
/ www.asociedadedigital.org).

The structure of this space comprises, first, a subdivision by
thematic areas considered significant for the development of the
Information Society, such as language, digital divide, digital
government, special studies, legislation, situation by country, etc.
A second subdivision points to interactive elements such as news,
projects, information observatories, etc., which aim to generate a
space for exchange and synergy among the region's specialists, in the
search for

