From bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org Tue Jul 5 16:25:11 2011 Return-Path: X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B728321F89AF for ; Tue, 5 Jul 2011 16:25:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DHPfudcQ8riJ for ; Tue, 5 Jul 2011 16:25:10 -0700 (PDT) Received: from mail.netbsd.org (ns.NetBSD.org [IPv6:2001:4f8:3:7::53]) by ietfa.amsl.com (Postfix) with ESMTP id 0D4E821F89AE for ; Tue, 5 Jul 2011 16:25:07 -0700 (PDT) Received: by mail.netbsd.org (Postfix, from userid 605) id AFA7014A0DA; Tue, 5 Jul 2011 23:25:04 +0000 (UTC) Delivered-To: ietf-ssh@netbsd.org Received: by mail.netbsd.org (Postfix, from userid 1347) id 5A10414A0D8; Tue, 5 Jul 2011 23:25:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 71BF814A0A6 for ; Tue, 5 Jul 2011 22:37:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id V3tllkuaU2Ly for ; Tue, 5 Jul 2011 22:37:27 +0000 (UTC) Received: from exprod7og101.obsmtp.com (exprod7og101.obsmtp.com [64.18.2.155]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 6906314A0A5 for ; Tue, 5 Jul 2011 22:37:27 +0000 (UTC) Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob101.postini.com ([64.18.6.12]) with SMTP ID DSNKThOSJiYJ4KqNqJHZFKABbDxzrkK6190I@postini.com; Tue, 05 Jul 2011 15:37:27 PDT Received: from EMBX01-HQ.jnpr.net ([fe80::c821:7c81:f21f:8bc7]) by P-EMHUB03-HQ.jnpr.net ([::1]) with mapi; Tue, 5 Jul 2011 15:32:14 -0700 From: Kent Watsen To: "ietf-ssh@NetBSD.org" , "saag@ietf.org" Date: Tue, 5 Jul 2011 15:32:09 -0700 Subject: RE: [saag] draft-kwatsen-reverse-ssh-01 submission for review Thread-Topic: [saag] draft-kwatsen-reverse-ssh-01 submission for review Thread-Index: AcwmUDMylkY2FD/lRWGPlPpb3vcEuAApMekwBRaDDvA= Message-ID: <84600D05C20FF943918238042D7670FD3E83C429A6@EMBX01-HQ.jnpr.net> References: <965_1307576669_p58NiSYT016404_84600D05C20FF943918238042D7670FD3E81EA1164@EMBX01-HQ.jnpr.net> <1307587911.7092.331.camel@destiny> <84600D05C20FF943918238042D7670FD3E82122E54@EMBX01-HQ.jnpr.net> In-Reply-To: <84600D05C20FF943918238042D7670FD3E82122E54@EMBX01-HQ.jnpr.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Sender: ietf-ssh-owner@NetBSD.org List-Id: ietf-ssh.NetBSD.org Precedence: list DQpBbGxvd2luZyB0aGUgU1NIIHNlcnZlciBvcGVuIGNoYW5uZWxzIG9uIHRoZSBjbGllbnQgaGFz IGEgbG90IG9mIG1lcml0Lg0KDQpJbiB0cnlpbmcgdG8gZXh0ZW5kIHRoZSBnZW5lcmljIFNTSCBz ZXJ2ZXIgKGxpc3RlbmluZyB0byBwb3J0IDIyKSwgd291bGQgdGhlIGNsaWVudCBzdGFydCBhbiBh cHBsaWNhdGlvbi1zcGVjaWZpYyBzdWJzeXN0ZW0gaGF2aW5nIHRoZSBidXNpbmVzcyBsb2dpYyBr bm93aW5nLCBmb3IgaW5zdGFuY2UsIGhvdyBtYW55IGNoYW5uZWxzIHRvIG9wZW4sIGV0Yz8gIFRo aXMgc29sdXRpb24gd291bGQgbGlrZWx5IHJlcXVpcmUgYSBQQU0gbW9kdWxlIGF1dGggdGhlIGNs aWVudCAoaS5lLiB0aGUgZGV2aWNlKSBpbiB0aGUgYXBwJ3MgZGF0YWJhc2UsIHNpbmNlIGl0cyBz dXJlbHkgbm90IGEgc3lzdGVtLWxldmVsIHVzZXIuICBUaGlzIHNvbHV0aW9uIHdvdWxkIHVzZSBt b3JlIHN5c3RlbSByZXNvdXJjZXMgKHByb2Nlc3NlcywgZG9tYWluIHNvY2tldHMsIGV0Yy4pIHRo YW4gb3VyIGN1cnJlbnQgaW1wbGVtZW50YXRpb24uDQoNCkEgbGVzcyByZXNvdXJjZSBpbnRlbnNp dmUgb3B0aW9uIHdvdWxkIGJlIGZvciB0aGUgInNlcnZlciIgdG8gYmUgdGhlIGFwcGxpY2F0aW9u IGl0c2VsZiwgbGlua2VkIHRvIGEgU1NIIHNlcnZlciBsaWJyYXJ5LiAgIE9mIGNvdXJzZSwgdGhp cyBzZXJ2ZXIgd291bGRuJ3QgYmUgYWJsZSB0byBsaXN0ZW4gb24gcG9ydCAyMiwgc2luY2UgaXQg d291bGRuJ3QgYmUgZ2VuZXJpYy4gIFdvdWxkIG5vdCBiZWluZyBnZW5lcmljIGRlZmVhdCB0aGUg cHVycG9zZSBvZiB0cnlpbmcgdG8gZG8gdGhpcyBpbnNpZGUgdGhlIFNTSCBwcm90b2NvbD8NCg0K SW4gYm90aCBjYXNlcywgdGhlIHNvbHV0aW9uIHdvdWxkIHJlbHkgb24gdGhlIGRldmVsb3BlcnMg b2YgdGhlIHZhcmlvdXMgU1NIIGFwcHMgYW5kIGxpYnJhcmllcyB0byBzdXBwb3J0IHRoaXMgYWJp bGl0eS4gIFRoaXMgbWlnaHQgYmUgZGlmZmljdWx0IHNlbGwgZ2l2ZW4gdGhlIHVzZS1jYXNlIGlz IHNvbWV3aGF0IGxpbWl0ZWQgdG8gbmV0d29yayBtYW5hZ2VtZW50OyBub3QgdGhhdCBpdCBjb3Vs ZG4ndCBiZSB1c2VkIGZvciBvdGhlciBwdXJwb3NlcywgSSBqdXN0IGNhbiB0aGluayBvZiBhbnkg b3RoZXIuICBBc3N1bWluZyB3ZSdyZSBhYmxlIHRvIHVwZGF0ZSB0aGUgU1NIIGltcGxlbWVudGF0 aW9ucywgd2UnZCB0aGVuIGhhdmUgdG8gY29udmluY2UgYWxsIHRoZSBkZXZpY2VzIHRvIHVzZSB0 aGlzIG5ldyB2ZXJzaW9uIG9mIHRoZSBTU0ggY2xpZW50IC0gdGhlIHJvbGUtb3V0IGNvdWxkIHRh a2UgYXdoaWxlLi4uDQoNCkknbSBzdGlsbCBhIGJpdCBwYXJ0aWFsIHRvIG15IG9yaWdpbmFsIHBy b3Bvc2FsLCBib290c3RyYXBwaW5nIHRoZSBzdGFuZGFyZCBTU0ggcHJvdG9jb2wsIHNvIHRoZSBk ZXZpY2UgaXMgYWx3YXlzIHJ1bm5pbmcgYHNzaGRgLiAgVGhpcyBzb2x1dGlvbiBpcyBlYXN5IHRv IGltcGxlbWVudCBhbmQgd29ya3Mgd2l0aCBhbGwgZXhpc3RpbmcgU1NIIGFwcHMgYW5kIGxpYnJh cmllcy4gIElmIHRoZXJlIGlzIGFueSBpbnRlcmVzdCBpbiBnb2luZyBiYWNrIHRvIHRoaXMgYXBw cm9hY2gsIHdlIGNvdWxkIGdyZWF0bHkgaW1wcm92ZSB0aGUgLTAwIGRyYWZ0IGJ5IGVuYWJsaW5n IHRoZSBNQUMgYW5kIGhvc3Qta2V5IGFsZ29yaXRobXMgdG8gYmUgbmVnb3RpYXRlZCwgZXhhY3Rs eSBsaWtlIFNTSCwgaW5zdGVhZCBvZiBtYW5kYXRpbmcgdGhlIHVzZSBvZiBobWFjLXNoYTI1Ni4g IEFueSBpbnRlcmVzdCBpbiBnb2luZyBiYWNrIHRvIHRoaXMgYXBwcm9hY2g/IA0KDQpUaGFua3Ms DQpLZW50DQoNCg0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogc2FhZy1ib3Vu Y2VzQGlldGYub3JnIFttYWlsdG86c2FhZy1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2Yg S2VudCBXYXRzZW4NClNlbnQ6IE1vbmRheSwgSnVuZSAxMywgMjAxMSA2OjAwIFBNDQpUbzogSmVm ZnJleSBIdXR6ZWxtYW4NCkNjOiBpZXRmLXNzaEBOZXRCU0Qub3JnOyBzYWFnQGlldGYub3JnDQpT dWJqZWN0OiBSZTogW3NhYWddIGRyYWZ0LWt3YXRzZW4tcmV2ZXJzZS1zc2gtMDEgc3VibWlzc2lv biBmb3IgcmV2aWV3DQoNCg0KSGkgSmVmZiwNCg0KVGhhbmsgeW91IGZvciBzZW5kaW5nIG91dCB5 b3VyIGNvbW1lbnRzIQ0KDQoNCj4gU28sIGxldCdzIG1ha2Ugc3VyZSBJIGhhdmUgdGhpcyByaWdo dC4gIEEgZGV2aWNlICJjYWxsaW5nIGhvbWUiIGlzIGdvaW5nDQo+IHRvIGNvbm5lY3QgdG8gc29t ZSBzZXJ2ZXIgb24gcG9ydCAyMiwgYW5kIGV4cGVjdCB0aGUgc2VydmVyIHRvDQo+IGltbWVkaWF0 ZWx5IHBpY2sgdXAgdGhlIHJvbGUgb2YgYmVpbmcgYW4gU1NIIGNsaWVudD8NCg0KWWVzLCB0aGlz IGlzIHRoZSBwcm9wb3NhbA0KDQoNCj4gSG93IGlzIHRoZSBzZXJ2ZXIgdG8gZGlzdGluZ3Vpc2gg YmV0d2VlbiBzdWNoIGEgZGV2aWNlIGFuZCBhIG5vcm1hbCBzc2gNCj4gY2xpZW50IGJlaW5nIHVz ZWQgYnkgYW4gYWRtaW4gd2hvIHdhbnRzIHRvIGxvZyBpbiB0byB0aGUgc2VydmVyPyAgT3IgYnkN Cj4gc29tZSBvdGhlciBwcm90b2NvbCB0aGF0IHJ1bnMgb3ZlciBzc2g/DQoNCkl0IGNhbid0LCB0 aGUgc2VydmVyIGhhcyB0byAqa25vdyogdGhhdCBpdCdzIGhhdmluZyB0aGlzIHB1cnBvc2UuICBB cyBtZW50aW9uZWQgYmVmb3JlLCB0aGUgZGV2aWNlcyBjYW4ndCBjb25uZWN0IHRvIGEgZ2VuZXJp YyBTU0ggc2VydmVyLCBzaW5jZSBhcHBsaWNhdGlvbi1sZXZlbCBidXNpbmVzcyBsb2dpYyBuZWVk cyB0byBiZSBsaW5rZWQtaW4gdG8gb3BlbiBjaGFubmVscyB0byB0aGUgZGV2aWNlIGFuZCB3aGF0 IG5vdC4gIFRoaXMgaXMgd2h5IGlzIGNhbid0IGJlIGEgZ2VuZXJpYyBTU0ggc2VydmVyLiAgSXQn cyBhbHNvIHdoeSBhIGRpc3RpbmN0IElBTkEtYXNzaWduZWQgcG9ydCBtaWdodCBiZSBnb29kLCBz byBhcyB0byBkaXNjb3VyYWdlIHN0YW5kYXJkIFNTSCBjbGllbnRzIGZyb20gdHJ5aW5nIHRvIGNv bm5lY3QgdG8gaXQuDQoNCg0KDQo+IEknbSBwcmV0dHkgc3VyZSBJIHJlY2FsbCB0aGUgZGlzY3Vz c2lvbiBvbiB0aGlzIHBvaW50IGludm9sdmluZyBzb21lDQo+IHNvcnQgb2YgbmVnb3RpYXRpb24s IHJhdGhlciB0aGFuIGEgcmVxdWlyZW1lbnQgdGhhdCBib3RoIHNpZGVzIGtub3cgYQ0KPiBwcmlv cmkgd2hpY2ggcHJvdG9jb2wgdmFyaWFudCB0aGV5J3JlIGdvaW5nIHRvIHNwZWFrLiAgSW4gZmFj dCwgSSBzZWVtDQo+IHRvIHJlY2FsbCBkZXIgTW91c2Ugc3VnZ2VzdGluZyB1c2Ugb2YgYSBwcmUt a2V4IGV4dGVuc2lvbiBwYWNrZXQgdG8NCj4gaW5kaWNhdGUgdGhpcy4NCg0KVHJ1ZS4gIE5vdCB0 aGF0IGl0J3MgYSBnb29kIGV4Y3VzZSwgYnV0IGl0IEkgY291bGRuJ3QgZmluZCBhIHdheSB0byBo YXZlIGEgcHJlLWtleCBleHRlbnNpb24gcGFja2V0IHRoYXQgd291bGRu4oCZdCBhbHNvIG5lY2Vz c2l0YXRlIHZlcnNpb25pbmcgdGhlIFNTSCBUcmFuc3BvcnQgTGF5ZXIgcHJvdG9jb2wgKFNTSCAy LjEpLiAgSSB3YXNuJ3Qgc3VyZSBpZiB0aGlzIHdhcyBnb2luZyB0byBiZSBPSy4gIEkgbmVnbGVj dGVkIHRvIG1lbnRpb24gYW55dGhpbmcgYWJvdXQgdGhpcyB3aGVuIEkgc2VudCBvdXQgdGhlIHVw ZGF0ZSAtIHRoYW5rcyBmb3IgY2F0Y2hpbmcgaXQhICBJZiBkZXNpcmVkLCBJJ2xsIGNlcnRhaW5s eSB1cGRhdGUgdGhlIGRyYWZ0IHRvIGNvbXBsZXRlIHRoaXMgaXRlbS4uLiAgW1BTOiBJIGxpa2Ug bW9yZSB5b3VyIGlkZWEgdG8gbGV0IHRoZSBTU0ggc2VydmVyIG9wZW4gY2hhbm5lbHMgb24gdGhl IFNTSCBjbGllbnQsIG1vcmUgb24gdGhhdCBiZWxvd10NCg0KDQoNCj4gVGhpcyBpcyBub3QgdGhl IHdheSB0byBhY2hpZXZlIHdoYXQgeW91J3JlIHRyeWluZyB0byBkby4gIE5vciBpcw0KPiBzcGVj aWZ5aW5nIHVzZSBvZiBvbmx5IHBhcnRpY3VsYXIgaG9zdCBrZXkgYWxnb3JpdGhtcywgd2hpY2gg cmF0aGVyDQo+IGJhZGx5IGJyZWFrcyBtb2R1bGFyaXR5LiAgRnVydGhlciwgd2hhdCB5b3UndmUg ZG9uZSBkb2Vzbid0IGFjdHVhbGx5IGJ1eQ0KPiBhbnl0aGluZy4gIElmIHRoZSBITUFDIGlzIHBy ZWNvbXB1dGVkIGJlZm9yZSB0aGUgZGV2aWNlIHRoYXQgd2lsbCBhY3QgYXMNCj4gU1NIIHNlcnZl ciBpcyBkZXBsb3llZCwgdGhlbiB0aGVyZSBpcyBubyBvcGVyYXRpb25hbCBhZHZhbnRhZ2Ugb3Zl cg0KPiBYLjUwOSBjZXJ0aWZpY2F0ZXMuICBPbiB0aGUgb3RoZXIgaGFuZCwgaWYgdGhlIEhNQUMg aXMgY29tcHV0ZWQgYXQgdGhlDQo+IHRpbWUgb2YgdGhlIGNvbm5lY3Rpb24sIHRoZW4gYm90aCB0 aGUgY2xpZW50IGFuZCBzZXJ2ZXIgbXVzdCBrbm93IHRoZQ0KPiBrZXkgX2FuZF8gdGhlcmUgbXVz dCBiZSBhIGRpZmZlcmVudCBrZXkgZm9yIGVhY2ggY2xpZW50L3NlcnZlciBwYWlyIChzbw0KPiBv bmUgZGV2aWNlIGNhbm5vdCBpbXBlcnNvbmF0ZSBhbm90aGVyKS4gIEluIHdoaWNoIGNhc2UsIHlv dSBtYXkgYXMgd2VsbA0KPiBwcmVzaGFyZSBwZXItZGV2aWNlIFJTQSBrZXlzIGluc3RlYWQgb2Yg cGVyLWRldmljZSBITUFDIGtleXMuDQo+DQo+IEV4Y2VwdCBpbiBjYXNlcyBsaWtlIFguNTA5ICh3 aGVyZSBhIGhvc3Qga2V5IGlzIGFzc29jaWF0ZWQgd2l0aCBhDQo+IGxvbmctdGVybSBzaWduYXR1 cmUgYnkgc29tZSB0cnVzdGVkIHRoaXJkIHBhcnR5KSwgU1NIIHByb3ZlcyBzZXJ2ZXINCj4gaWRl bnRpdHkgYW5kIGF1dGhlbnRpY2F0ZXMgaG9zdCBrZXlzIGFzIHBhcnQgb2Yga2V5IGV4Y2hhbmdl LiAgSWYgbm9uZQ0KPiBvZiB0aGUgYWxyZWFkeS1kZWZpbmVkIEtFWCBtZXRob2RzIGFyZSBzdWl0 YWJsZSBmb3IgeW91ciBuZWVkcywgdGhlbiBpdA0KPiBtaWdodCBiZSBwb3NzaWJsZSB0byBkZWZp bmUgYSBuZXcgb25lIGFsb25nIHRoZSBsaW5lcyBvZiB3aGF0IHlvdSd2ZQ0KPiBkZXNjcmliZWQu ICBIb3dldmVyLCBJIHNlcmlvdXNseSBkb3VidCBpdHMgdXRpbGl0eSwgZm9yIHRoZSByZWFzb25z DQo+IGRlc2NyaWJlZCBhYm92ZS4NCg0KSSBleHBlY3RlZCB0aGlzIHRvIGJlIGNoYWxsZW5nZWQs IGFzIGl0J3MgcXVpdGUgdW5pcXVlLiAgIExldCBtZSBzdGFydCBieSBzdGF0aW5nIHRoYXQgd2Ug KEp1bmlwZXIpIGhhdmUgYmVlbiB1c2luZyBhbiBITUFDIHRvIHNlY3VyZSByZXZlcnNlLXNzaCBj b25uZWN0aW9ucyBmb3IgYSBmZXcgeWVhcnMgbm93LiAgV2UgdXNlIHRoZSBITUFDIGluIGEgYm9v dHN0cmFwcGluZyBtZXNzYWdlIHNpbWlsYXIgdG8gdGhhdCBkZXNjcmliZWQgYnkgdGhlIC0wMCB2 ZXJzaW9uIG9mIHRoaXMgZHJhZnQuICBDcmVhdGluZyB0aGUgImhtYWMtKiIgZmFtaWx5IG9mIGFs Z29yaXRobXMgd2FzIG9ubHkgdG8gcHJlc2VydmUgdGhpcyBmdW5jdGlvbmFsaXR5IGluIHRoZSBT U0ggcHJvdG9jb2wgaXRzZWxmLg0KDQpUaGUgd2F5IGl0IHdvcmtzIGlzIGFzIGZvbGxvd3MuICBU aGUgTk1TIGNyZWF0ZXMgYW4gZW50cnkgaW4gaXRzIGRhdGFiYXNlIGZvciB0aGUgZGV2aWNlIGl0 IGV4cGVjdHMgd2lsbCBjb25uZWN0IHNvbWV0aW1lIGxhdGVyLiAgVGhlIGVudHJ5IGlzIGtleWVk IGJ5IGEgImRldmljZS1pZCIgYW5kIGEgdW5pcXVlIEhNQUMgdmFsdWUgaXMgc3RvcmVkIGZvciBp dC4gIExhdGVyLCBKdW5pcGVyIHdpbGwgZHJvcC1zaGlwIHRoZSBkZXZpY2UgKHdpdGggZmFjdG9y eS1kZWZhdWx0IGltYWdlKSBkaXJlY3RseSB0byBpdHMgZGVzdGluYXRpb24gKGkuZS4gYSByZXRh aWwgb3V0bGV0IHN0b3JlKSwgd2hlcmUgaXQgaXMgZXhwZWN0ZWQgdGhhdCB0aGUgKnN0b3JlIG1h bmFnZXIqIHdpbGwgYmUgYWJsZSB0byBnZXQgaXQgdXAgYW5kIHJ1bm5pbmcuICBCZWluZyBub3Qg dmVyeSB0ZWNobmljYWwsIHRoZSBzdG9yZSBtYW5hZ2VyIGZvbGxvd3Mgc2ltcGxlIGluc3RydWN0 aW9ucyBzZW50IGZyb20gSFEgKHBsdWcgcGhvbmUgY2FibGUgaGVyZSwgcGx1ZyBwb3dlciBjYWJs ZSBoZXJlLCB3YWl0IGZvciBsaWdodCB0byBibGluaywgY2FsbCB0aGlzIG51bWJlciwgZXRjLiku ICBVbHRpbWF0ZWx5LCB0aGUgZGV2aWNlIG5lZWRzIHRvIGdldCBlbm91Z2ggY29uZmlnIHRvIGlu aXRpYWxpemUgaXRzIG5ldHdvcmsgc3RhY2sgYW5kIHNlY3VyZWx5ICJjYWxsIGhvbWUiIHRvIGl0 cyBOTVMuICBUaGUgZGV2aWNlIE1BWSBnZXQgdGhpcyBpbmZvcm1hdGlvbiBmcm9tIGEgREhDUCBz ZXJ2ZXIgYW5kL29yIFVTQiBwZW4tZHJpdmUgcGx1Z2dlZCBpbnRvIGl0IGFuZC9vciB2aWEgaXRz IHdlYi9jbGkgaW50ZXJmYWNlcy4gIEZvciBhbiBITUFDLCB3ZSdkIG5ldmVyIHB1dCB0aGUgSE1B Qy1rZXkgb24gYSBESENQIHNlcnZlciB0byBiZSByZXRyaWV2ZWQgdmlhIG9wdGlvbiA0MyAoYXMg dGhhdCB3b3VsZCBiZSBpbnNlY3VyZSksIHdlIGVpdGhlciBleHBlY3QgdGhlIEhNQUMta2V5IHRv IGJlIHJlYWQgb2ZmIGEgVVNCIGRyaXZlIG9yIG1hbnVhbGx5IGtleWVkIGluIGJ5IHRoZSBzdG9y ZSBtYW5hZ2VyLg0KDQpJJ20gbm90IHN1cmUgd2hhdCB5b3UgbWVhbiBieSBtb2R1bGFyaXR5LCBi dXQgcmVnYXJkaW5nIG9wZXJhdGlvbmFsIGFkdmFudGFnZSBvdmVyIHguNTA5IGNlcnRpZmljYXRl cywgY29uc2lkZXIgdGhlIGZvbGxvd2luZzogMSkgdGhlcmUncyBubyBvcHBvcnR1bml0eSBpbiB0 aGUgYWJvdmUgZGVzY3JpcHRpb24gZm9yIHRoZSBzdG9yZSBtYW5hZ2VyIHRvIGdldCBhIHguNTA5 IGNlcnRpZmljYXRlIGZvciB0aGUgZGV2aWNlJ3MgZHluYW1pY2FsbHktZ2VuZXJhdGVkIHByaXZh dGUta2V5LCAyKSB0aGUgSE1BQyBpcyBtdWNoIHNpbXBsZXIgdG8ga2V5IGluIHRoYW4gYSBQRU0g ZmlsZSAoZm9yIHdoZW4gY2xpL3dlYiBpbnRlcmZhY2UgaXMgdXNlZCB0byBkbyB0aGF0KQ0KDQoN Cg0KDQo+IEl0IHNvdW5kcyB0byBtZSBsaWtlIHlvdSByZWFsbHkgX2Rvbid0XyB3YW50IHRoZSBk ZXZpY2UgdG8gYmUgdGhlIFNTSA0KPiBzZXJ2ZXIgYXQgYWxsOyB5b3Ugb25seSB0aGluayB5b3Ug ZG8uICBJIHN1c3BlY3QgeW91IHJlYWxseSB3YW50IHRoZQ0KPiBkZXZpY2UgdG8gYmUgdGhlIFNT SCBfY2xpZW50XywgZXhjZXB0IHRoYXQgb25jZSB0aGUgY29ubmVjdGlvbiBpcyB1cCwNCj4geW91 IHdhbnQgdGhlIHNlcnZlciB0byBvcGVuIHNvbWUgc29ydCBvZiBzZXNzaW9uIHRvIHRoZSBjbGll bnQgdG8NCj4gZXhlY3V0ZSBjb21tYW5kcywgdHJhbnNmZXIgZmlsZXMsIHJ1biBuZXRjb25mIG9y IFNOTVAsIG9yIHdoYXRldmVyLg0KPg0KPiBJbnRlcmVzdGluZ2x5LCB0aGlzIHJvbGUgcmV2ZXJz YWwgLS0gYWxsb3dpbmcgdGhlIFNTSCBzZXJ2ZXIgdG8gb3Blbg0KPiBzZXNzaW9ucyBhbmQgcnVu IGNvbW1hbmRzIG9uIHRoZSBTU0ggY2xpZW50LCByZXF1aXJlcyBubyBjaGFuZ2UgdG8gdGhlDQo+ IFNTSCBwcm90b2NvbCBhdCBhbGwuICBJdCBzaW1wbHkgcmVxdWlyZXMgdGhhdCB0aGUgY2xpZW50 IHNpdCBhcm91bmQNCj4gd2FpdGluZyBmb3IgYSBjaGFubmVsLW9wZW4gcmVxdWVzdCBmcm9tIHRo ZSBzZXJ2ZXIgYW5kIGFjY2VwdCBpdCB3aGVuIGl0DQo+IGNvbWVzIGFyb3VuZC4gIFRoaXMgaXMg ZXhhY3RseSB0aGUgc29ydCBvZiBzaXR1YXRpb24gaW4gd2hpY2ggaXQgaXMNCj4gYXBwcm9wcmlh dGUgdG8gYmVoYXZlIGNvbnRyYXJ5IHRvIHRoZSBTSE9VTEQgaW4gUkZDNDI1NCBzZWN0aW9uIDYu MS4NCg0KVGhpcyBpcyBhIHZlcnkgaW50ZXJlc3RpbmcgaWRlYTsgaXQgd291bGQgYmUgKm11Y2gq IHNpbXBsZXIgdG8gYWxsb3cgdGhlIHNlcnZlciB0byBvcGVuIGNoYW5uZWxzIG9uIHRoZSBjbGll bnQuICBQcmVzdW1hYmx5IHRoZSBjbGllbnQgd291bGQgaGF2ZSB0byBiZSBjb25maWd1cmVkIHRv IGluZGljYXRlIHdoaWNoIHN1YnN5c3RlbXMgYXJlIGFsbG93ZWQgKHR0eSwgc2Z0cCwgbmV0Y29u ZikuDQoNCk9mIGNvdXJzZSwgYXMgbWVudGlvbmVkIGFib3ZlLCB3ZSBzdGlsbCBjb3VsZG4ndCB1 c2UgYSBnZW5lcmljIFNTSCBzZXJ2ZXIuICBJbnN0ZWFkLCBpdCB3b3VsZCBoYXZlIHRvIGJlIGEg U1NIIHNlcnZlciBsaW5rZWQgdG8gc29tZSBhcHBsaWNhdGlvbiBjb2RlIHRvIGRvIHRoZSBkb21h aW4tc3BlY2lmaWMgYnVzaW5lc3MgbG9naWMuICBGb3IgdGhpcyByZWFzb24sIGl0IHdvdWxkIGJl IGdvb2QgdG8gcnVuIGl0IG9uIGFub3RoZXIgcG9ydCwgYnV0IG5vdyBpdCdkIGJlIGhhcmQgdG8g anVzdGlmeSBmb3IgYW4gSUFOQS1hc3NpZ25lZCBwb3J0LCBzaW5jZSBpdCByZWFsbHkgaXMgdGhl IFNTSCBwcm90b2NvbCBhbmQgdGhlcmUgYWxyZWFkeSBpcyBhIHBvcnQgZm9yIHRoYXQuICBJbnN0 ZWFkLCBhcHBsaWNhdGlvbnMgd291bGQgbGlrZWx5IG5lZWQgdG8gdXNlIHRoZSBkeW5hbWljL3By aXZhdGUgcG9ydCByYW5nZS4NCg0KVGhpbmtpbmcgdGhpcyB0aHJvdWdoLCB1c2luZyB0aGUgc3Rv cmUtbWFuYWdlciBleGFtcGxlIGZyb20gYWJvdmUsIGxldCdzIHNheSB0aGUgZGV2aWNlIFNTSCdz IHRvIHRoZSBhcHBsaWNhdGlvbi4gIFRoZSBkZXZpY2UgYXV0aGVudGljYXRlcyB0aGUgc2VydmVy J3MgU1NIIGhvc3Qga2V5LCB3aGljaCBjb3VsZCBlaXRoZXIgYmUgYSB4LjUwOSBjZXJ0IG9yIGFu IEhNQUMtKiBrZXkuICBUaGVuIHRoZSBkZXZpY2UgbG9ncyBpbnRvIHRoZSBhcHBsaWNhdGlvbiAo dXNlcmF1dGgpIGFnYWluIHVzaW5nIGVpdGhlciB4LjUwOSBjZXJ0aWZpY2F0ZSBvciBITUFDLSog a2V5LiAgVGhlbiB0aGUgYXBwbGljYXRpb24gKHRoZSBTU0ggc2VydmVyKSBvcGVucyBjaGFubmVs cyBvbiB0aGUgZGV2aWNlICh0aGUgU1NIIGNsaWVudCkuICANCg0KQSBjb3VwbGUgdGhvdWdodHMg YWJvdXQgaG93IGlkZW50aXRpZXMgY2FuIGJlIGRldGVybWluZWQ6DQoNCjEuIHRoZSBkZXZpY2Ug Y2FuIGJlIGNvbmZpZ3VyZWQgdG8ga25vdyB3aGljaCB1c2VyIGl0IHNob3VsZCBydW4gdGhlIFNT SCBjbGllbnQgYXMuICBXZSBuZWVkIHRvIGVuc3VyZSBhIHVzZXIgaXMgc3BlY2lmaWVkIHNpbmNl IENvbW1vbiBDcml0ZXJpYSByZXF1aXJlcyB0aGUgZGV2aWNlIHRvIGlkZW50aWZ5IGEgInVzZXIi IGZvciBlYWNoIGF1ZGl0YWJsZSBldmVudC4gIE5vdGUgdGhhdCB3ZSBjYW4ndCBsZXZlcmFnZSBS RkMgNjEyNSAoU2VydmljZSBJZGVudGl0eSksIHNpbmNlIHNlY3Rpb24gMS43LjIgc3BlY2lmaWNh bGx5IGxlZnQgY2xpZW50IG9yIGVuZC11c2VyIGlkZW50aXRpZXMgb3V0IG9mIHNjb3BlLg0KDQoy LiB0aGUgYXBwbGljYXRpb24gY2FuIHVzZSB0aGUgdXNlcm5hbWUgdGhlIGRldmljZSBwYXNzZXMg YXMgdGhlICJkZXZpY2UtaWQiIHZhbHVlLiAgIFRoaXMgc2VlbXMgb2J2aW91cywgYnV0IGl0J3Mg ZGlmZmVyZW50IHRoZW4gYmVmb3JlIGFuZCBoZW5jZSB3b3J0aCBzdGF0aW5nIGV4cGxpY2l0bHku ICBBbHNvLCBzaW5jZSB0aGUgdXNlcm5hbWUgdmFsdWUgaXMgcGFzc2VkIGluc2lkZSB0aGUgU1NI IHR1bm5lbCwgaXQgd291bGQgYmUgT0sgdG8gcGFzcyBhIHNlcmlhbC1udW1iZXIsIHNvbWV0aGlu ZyB0aGUgb3RoZXIgc29sdXRpb25zIGNvdWxkbid0IHJlY29tbWVuZCBmb3Igc2VjdXJpdHkgcmVh c29ucy4NCg0KSXQgd291bGQgYmUgaW50ZXJlc3RpbmcgdG8gcmV2aWV3IGEgZmV3IFNTSCBTZXJ2 ZXIgbGlicmFyeSBpbXBsZW1lbnRhdGlvbnMgKGkuZS4gbGlic3NoKSB0byBzZWUgaWYgdGhleSBw cm92aWRlIHRoZSBob29rcyBhbiBhcHBsaWNhdGlvbiB3b3VsZCBuZWVkIHRvIGltcGxlbWVudCBp dHMgYnVzaW5lc3MgbG9naWMuLi4NCg0KDQoNCj4gRldJVywgSSdtIGZhaXJseSBjb25jZXJuZWQg YWJvdXQgdGhlIGhtYWMtKiBhbGdvcml0aG1zIGRlc2NyaWJlZCBpbiB0aGlzDQo+IGRvY3VtZW50 LCB3aGljaCBkb24ndCBzZWVtIHRvIHByb3ZpZGUgYW55IGd1YXJhbnRlZSBvZiBmcmVzaG5lc3Mu DQoNCkkgYWdyZWUgdGhhdCBpdCdzIG5vdCBpbiB0aGUgZHJhZnQuICBJIHRoaW5rIHRoYXQgYSAi U2VjdXJpdHkgQ29uc2lkZXJhdGlvbiIgd291bGQgc3VmZmljZSB0aG91Z2guICBPdXIgTk1TIGRv ZXMgcmVwbGFjZSB0aGUgSE1BQyBvbiBkZXZpY2VzLCB1c2luZyBhIGNyeXB0b2dyYXBoaWMgUFJO Ry4gIFRoYXQgc2FpZCwgSSBkb24ndCBiZWxpZXZlIGVudHJvcHkgaXMgbG9zdCBvdmVyIHRpbWUs IHNpbmNlIHRoZSBtZXNzYWdlIHRoYXQgaXMgc2lnbmVkIGNoYW5nZXMgb25seSB3aGVuIHRoZSBo b3N0LWtleSBjaGFuZ2VzLi4uDQoNCg0KPiBJJ20gY29uY2VybmVkIHRoYXQgdGhlcmUgaXMgbm8g ZGVzY3JpcHRpb24gaW4gdGhpcyBkb2N1bWVudCBhcyB0byBob3cNCj4gdGhlIFNTSCBjbGllbnQg aXMgZXhwZWN0ZWQgdG8gYXV0aGVudGljYXRlIGl0c2VsZiB0byB0aGUgZGV2aWNlLiAgVGhpcw0K PiBpcyBmYWlybHkgaW1wb3J0YW50LCBwYXJ0aWN1bGFybHkgc2luY2UgaW4gdGhlIGRlc2NyaWJl ZCBkZXBsb3ltZW50DQo+IHNjZW5hcmlvLCB0aGUgZGV2aWNlIGlzIGxpa2VseSBhYm91dCB0byBn aXZlIG5lYXJseSB1bmxpbWl0ZWQgcG93ZXIgdG8NCj4gdGhlIFNTSCBjbGllbnQuDQoNClRydWUs IGFuZCBpdCBhbHNvIGxlZnQgb3V0IGhvdyB0aGUgZGV2aWNlJ3MgbmV0d29ya2luZyBzdGFjayB3 b3VsZCBiZSBjb25maWd1cmVkLiAgIEZXSVcsIHNlY3Rpb24gNiBzYXlzOg0KDQogICJUaGlzIFJG QyBkb2VzIG5vdCBhdHRlbXB0IHRvIGRlZmluZSBhbnkgc3RyYXRlZ3kgZm9yIGhvdyBhbiBpbml0 aWFsDQogICBkZXBsb3ltZW50IG1pZ2h0IG9idGFpbiBpdHMgYm9vdHN0cmFwcGluZyAiY2FsbCBo b21lIiBjb25maWd1cmF0aW9uDQogICAoYWRkcmVzcyB0byBjb25uZWN0IHRvLCBzaWduYXR1cmUg YWxnb3JpdGhtIHRvIHVzZSwgYXV0aGVudGljYXRpb24NCiAgIGNyZWRlbnRpYWxzIHRvIHVzZSwg ZXRjLikuICBUaGF0IHNhaWQsIGltcGxlbWVudGF0aW9ucyBtYXkgY29uc2lkZXINCiAgIHVzZSBv ZiBhIERIQ1Agc2VydmVyIG9yIGEgVVNCIHBlbiBkcml2ZSBhcyB2aWFibGUgb3B0aW9ucyBmb3Ig dGhlc2UNCiAgIGtpbmRzIG9mIGRlcGxveW1lbnRzLiINCg0KV2UgcHJpbWFyaWx5IHVzZSBhIFVT QiBkcml2ZSwgZm9yIHRoZSBkZXZpY2UgdG8gcmVhZCBvbiBpdHMgZmlyc3QgYm9vdC4gIFRoZSBV U0IgZHJpdmUgY2FuIGNvbnRhaW4gZXZlcnl0aGluZyB0aGUgZGV2aWNlIG5lZWRzIHRvICJjYWxs IGhvbWUiIGZyb20gYSBmYWN0b3J5LWRlZmF1bHQgY29uZmlndXJhdGlvbi4gIEkgZGlkbid0IHRo aW5rIGl0IHdhcyBpbXBvcnRhbnQgdG8gdGhlIHByb3RvY29sIGNoYW5nZSBiZWluZyBkaXNjdXNz ZWQsIHRob3VnaCBpdCdzIGNsZWFybHkgaW1wb3J0YW50IHRvIHRoZSBvdmVyYWxsIHNvbHV0aW9u Lg0KDQoNCg0KPiBGaW5hbGx5LCBJJ20gdmVyeSBjb25jZXJuZWQgYWJvdXQgdGhlIHN0YXRlbWVu dHMgaW4gdGhlIGZpcnN0IHBhcmFncmFwaA0KPiBvZiBzZWN0aW9uIDcsIHdoaWNoIGFzc2VydCB0 aGF0IHRoZSBwcm9wb3NlZCByb2xlIHJldmVyc2FsIGRvZXMgbm90DQo+IGludHJvZHVjZSBhbnkg bmV3IHNlY3VyaXR5IGNvbmNlcm5zLiAgT24gdGhlIGNvbnRyYXJ5LCB0aGUgcHJvcG9zZWQNCj4g cHJvdG9jb2wgaXMgdmVyeSBuZWFybHkgYWtpbiB0byBjYWxsaW5nIHNvbWVvbmUgdXAgYW5kIHNh eWluZyAiR2l2ZSBtZQ0KPiB5b3VyIHBhc3N3b3JkIiwgbGF0ZXIgZm9sbG93ZWQgYnkgImJ5IHRo ZSB3YXksIEkgbWlnaHQgYmUgeW91ciBiYW5rIi4NCg0KVGhhdCdzIG5vdCB0cnVlLiAgU2VjdGlv biA0IHN0YXRlczoNCg0KICAiaW4gb3JkZXIgdG8gZW5hYmxlIHRoZSBSZXZlcnNlIFNTSCBzZXJ2 ZXIgdG8gaWRlbnRpZnkgdGhlDQogICBSZXZlcnNlIFNTSCBjbGllbnQgYW5kIGF1dG9tYXRpY2Fs bHkgYXV0aGVudGljYXRlIGl0cyBTU0ggaG9zdCBrZXksDQogICBlYWNoIHBlZXIgU0hPVUxEIG9u bHkgYWR2ZXJ0aXNlIHN1cHBvcnQgZm9yIG9uZSBvZiB0aGUgZm9sbG93aW5nIGhvc3QNCiAgIGtl eSBhbGdvcml0aG1zOiINCg0KYW5kIHRoZW4gZ29lcyBvbiB0byBsaXN0IGp1c3QgdGhlIHguNTA5 IGFuZCB0aGUgaG1hYy0qIGFsZ29yaXRobXMsIGJvdGggb2Ygd2hpY2ggZW1waGFzaXplIGFzc29j aWF0aW5nIGFuIGlkZW50aXR5IHdpdGggdGhlIHB1YmxpYyBrZXkuICBTbyBpdCdzIG5vdCAiSSBt aWdodCBiZSB5b3VyIGJhbmsiLCBpdCdzICJ5b3Uga25vdyBJJ20geW91ciBiYW5rIGJlY2F1c2Ug bXkgaWRlbnRpdHkgaXMgc2lnbmVkIGJ5IHNvbWV0aGluZyB5b3UgdHJ1c3QiIChlaXRoZXIgYSBD QSBvciBhbiBITUFDLWtleSkuDQoNCg0KPiBXZSd2ZSBkaXNjdXNzZWQgInJldmVyc2UgU1NIIiBp ZGVhcyBiZWZvcmUqLCBhbmQgdGhleSBoYXZlbid0IGdhaW5lZCBhbnkNCj4gdHJhY3Rpb24uICBQ YXJ0IG9mIHRoZSBwcm9ibGVtIGlzIHRoYXQgc2VydmVyIGFuZCBjbGllbnQgYXV0aGVudGljYXRp b24NCj4gaXMgbm90IHN5bW1ldHJpYyBpbiB0aGUgU1NIIHByb3RvY29sLCBhbmQgdGhlcmUgaXMg YSBiYXNpYyBhc3N1bXB0aW9uDQo+IHRoYXQgYSBjbGllbnQga25vd3MgYSBwcmlvcmkgd2hhdCBz ZXJ2ZXIgaXQgaW50ZW5kcyB0byB0YWxrIHRvLCB3aGlsZQ0KPiB0aGUgc2VydmVyIGRvZXMgbm90 IGtub3cgd2hhdCBjbGllbnQgd2lsbCBiZSB0YWxraW5nIHRvIGl0LiAgQXR0ZW1wdGluZw0KPiB0 byBmYWxzaWZ5IHRoaXMgYXNzdW1wdGlvbiBhbmQgc3RpbGwgaGF2ZSB0aGluZ3Mgd29yayB0eXBp Y2FsbHkgcmVzdWx0cw0KPiBpbiB3YXJwaW5nIHRoZSBwcm90b2NvbCByYXRoZXIgYmFkbHkuDQoN CkV4YWN0bHkuICBUaGlzIGlzIHdoeSBteSBvcmlnaW5hbCBkcmFmdCBzdHJlc3NlZCB0aGF0IHRo ZSBkZXZpY2Ugd291bGQgKmFsd2F5cyogYmUgdGhlIFNTSCBzZXJ2ZXIsIHJlZ2FyZGxlc3Mgd2hp Y2ggcGVlciBpbml0aWF0ZWQgdGhlIHVuZGVybHlpbmcgVENQIGNvbm5lY3Rpb24uICBJIHdhc24n dCB0cnlpbmcgdG8gImZhbHNpZnkgdGhpcyBhc3N1bXB0aW9uIiwgYnV0IG1lcmVseSBlbmFibGUg dG8gZGV2aWNlIHRvIGluaXRpYXRlIHRoZSB1bmRlcmx5aW5nIFRDUCBjb25uZWN0aW9uLCBldmVy eXRoaW5nIGVsc2UgcmVtYWlucyBzdGFuZGFyZCBTU0ggcHJvdG9jb2wsIHdpdGggdGhlIGRldmlj ZSBhcyB0aGUgU1NIIHNlcnZlci4NCg0KDQoNCj4gSSdtIG5vdCBzYXlpbmcgYSByZXZlcnNlIFNT SCBpcyBub3QgcG9zc2libGUsIGFuZCB3aXRoIGEgZmV3IG1vcmUNCj4gaXRlcmF0aW9ucyB0aGlz IGRvY3VtZW50IG1pZ2h0IHdlbGwgYmVjb21lIG9uZS4gIEhvd2V2ZXIsIGFzIG1lbnRpb25lZA0K PiBhYm92ZSwgSSB0aGluayBpdCdzIHByb2JhYmx5IG5vdCB0aGUgcmlnaHQgYXBwcm9hY2ggdG8g c29sdmluZyB0aGUNCj4gc3RhdGVkIHByb2JsZW0uDQoNCkknbSBtb3RpdmF0ZWQgdG8gZG8gd2hh dGV2ZXIgaXQgdGFrZXMgdG8gZ2V0IGEgc29sdXRpb24gc3RhbmRhcmRpemVkLiAgSnVuaXBlciBk b2VzbuKAmXQgd2FudCB0byBoYXZlIGEgcHJvcHJpZXRhcnkgc29sdXRpb24gYW5kIG90aGVyIE5F VENPTkcgV0cgbWVtYmVycyBoYXZlIGFza2VkIGZvciBpdCBhcyB3ZWxsLiAgIEkgdGhpbmsgdGhh dCwgd2l0aCB0aGlzIHJvdW5kIG9mIFEmQSwgdGhhdCB3ZSd2ZSBnb3R0ZW4gZG93biB0byB0aGUg Y29yZSBvZiB0aGUgaXNzdWUuICBIb3BlZnVsbHkgd2UnbGwgaXRlcmF0ZSB0byBzb21ldGhpbmcg c29vbiBub3cuIA0KDQoNClRoYW5rcyBhZ2FpbiwNCktlbnQNCg0KDQoNCl9fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpzYWFnIG1haWxpbmcgbGlzdA0Kc2Fh Z0BpZXRmLm9yZw0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zYWFnDQo= From bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org Thu Jul 7 13:23:05 2011 Return-Path: X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D6B211E80B1 for ; Thu, 7 Jul 2011 13:23:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.599 X-Spam-Level: X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4i6YjfG3bscx for ; Thu, 7 Jul 2011 13:23:05 -0700 (PDT) Received: from mail.netbsd.org (ns.NetBSD.org [IPv6:2001:4f8:3:7::53]) by ietfa.amsl.com (Postfix) with ESMTP id 605C71F0C3C for ; Thu, 7 Jul 2011 13:23:04 -0700 (PDT) Received: by mail.netbsd.org (Postfix, from userid 605) id DFCF214A143; Thu, 7 Jul 2011 20:23:02 +0000 (UTC) Delivered-To: ietf-ssh@NetBSD.org Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 1F4F614A136 for ; Thu, 7 Jul 2011 20:22:58 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id R0rR8MoGeOLx for ; Thu, 7 Jul 2011 20:22:57 +0000 (UTC) Received: from smtp02.srv.cs.cmu.edu (SMTP02.SRV.CS.CMU.EDU [128.2.217.197]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 4254214A120 for ; Thu, 7 Jul 2011 20:22:56 +0000 (UTC) Received: from [66.233.146.161] (66-233-146-161.pit.clearwire-wmx.net [66.233.146.161] (may be forged)) (authenticated bits=0) by smtp02.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id p67IpPd6011013 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 7 Jul 2011 14:51:27 -0400 (EDT) Subject: RE: [saag] draft-kwatsen-reverse-ssh-01 submission for review From: Jeffrey Hutzelman To: Kent Watsen Cc: jhutz@cmu.edu, "ietf-ssh@NetBSD.org" , "saag@ietf.org" In-Reply-To: <84600D05C20FF943918238042D7670FD3E83C429A6@EMBX01-HQ.jnpr.net> References: <965_1307576669_p58NiSYT016404_84600D05C20FF943918238042D7670FD3E81EA1164@EMBX01-HQ.jnpr.net> <1307587911.7092.331.camel@destiny> <84600D05C20FF943918238042D7670FD3E82122E54@EMBX01-HQ.jnpr.net> <84600D05C20FF943918238042D7670FD3E83C429A6@EMBX01-HQ.jnpr.net> Content-Type: text/plain; charset="UTF-8" Date: Thu, 07 Jul 2011 14:51:23 -0400 Message-ID: <1310064683.3597.2199.camel@destiny> Mime-Version: 1.0 X-Mailer: Evolution 2.30.3 Content-Transfer-Encoding: 7bit X-Scanned-By: mimedefang-cmuscs on 128.2.217.197 Sender: ietf-ssh-owner@NetBSD.org List-Id: ietf-ssh.NetBSD.org Precedence: list On Tue, 2011-07-05 at 15:32 -0700, Kent Watsen wrote: > Allowing the SSH server open channels on the client has a lot of merit. > > In trying to extend the generic SSH server (listening to port 22), > would the client start an application-specific subsystem having the > business logic knowing, for instance, how many channels to open, etc? Either the client would have to do something explicit, like starting a shell or a subsystem, or the server would have to recognize that client (say, based on the username it sent or how it authenticated or both) and do something appropriate. > This solution would likely require a PAM module auth the client (i.e. > the device) in the app's database, since its surely not a system-level > user. This solution would use more system resources (processes, > domain sockets, etc.) than our current implementation. Now you're talking about implementation details. The SSH protocol doesn't know anything about PAM or "system users" or such things. > A less resource intensive option would be for the "server" to be the > application itself, linked to a SSH server library. Of course, this > server wouldn't be able to listen on port 22, since it wouldn't be > generic. You could do that, too. > Would not being generic defeat the purpose of trying to do > this inside the SSH protocol? You mean, as opposed to trying to make the SSH protocol turn around and operate in reverse halfway through, wedge authentication mechanisms into the wrong role, etc? No, I don't think so. Even if you run the application on its own port, you still have a much cleaner protocol this way. > In both cases, the solution would rely on the developers of the various > SSH apps and libraries to support this ability. This might be > difficult sell given the use-case is somewhat limited to network > management; not that it couldn't be used for other purposes, Frankly, you will probably have a hard time getting upstream OpenSSH to accept patches to implement this or any other approach. They're _very_ conservative about changes. On the other hand, I would expect an SSH server library already to provide most of what you need. Servers already have to be able to open channels for things like TCP port forwarding. Incidentally, if you're a little bit less picky about how much flexibility you allow, there may be approaches you can implement today without any changes to client or server software. For example: 1) The client (device) connects to the SSH server in the usual fashion. It then starts a subsystem which is your field setup application. On the client side, the subsystem's channel is connected to a shell: ssh -s fieldsvc | sh ... except that you need to connect both the shell's stdin and stdout 2) On the client, start something that listens on some local port ( loopback interface only) and connects each new client to a shell. Start an SSH connection with port forwarding back to that port, and run the provisioning app on the server as a command or subsystem: ssh -R 0:127.0.0.1:rawshell -s fieldsvc again, it's a little more complicated, because you need to collect the port number allocated by the server and somehow feed it to the fieldsvc subsystem (perhaps on stdin?) > I just > can think of any other. Assuming we're able to update the SSH > implementations, we'd then have to convince all the devices to use > this new version of the SSH client - the role-out could take awhile... Well, obviously if you have things in the field already using the "reverse SSH" approach, you'll have to support them for a while. That's going to be true no matter how this ends up, and is simply part of the cost of shipping something before relevant standards work is finished. -- Jeff From bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org Fri Jul 15 08:33:20 2011 Return-Path: X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70E9D21F8880 for ; Fri, 15 Jul 2011 08:33:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.001 X-Spam-Level: X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tuOwAMJ9sLkK for ; Fri, 15 Jul 2011 08:33:20 -0700 (PDT) Received: from mail.netbsd.org (ns.NetBSD.org [IPv6:2001:4f8:3:7::53]) by ietfa.amsl.com (Postfix) with ESMTP id B9B6121F880D for ; Fri, 15 Jul 2011 08:33:07 -0700 (PDT) Received: by mail.netbsd.org (Postfix, from userid 605) id F416514A1E1; Fri, 15 Jul 2011 15:33:04 +0000 (UTC) Delivered-To: ietf-ssh@netbsd.org Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 0F0BC14A1C9 for ; Fri, 15 Jul 2011 15:33:03 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id h9EqMrI13NqW for ; Fri, 15 Jul 2011 15:33:02 +0000 (UTC) Received: from correoantiguo.usach.cl (lauca.usach.cl [158.170.64.28]) by mail.netbsd.org (Postfix) with SMTP id 48DEB14A1C1 for ; Fri, 15 Jul 2011 15:33:01 +0000 (UTC) Received: from [41.206.11.23] (account pvera@lauca.usach.cl) by correoantiguo.usach.cl (CommuniGate Pro WEBUSER 5.1.8 _trial_) with HTTP id 28771833; Fri, 15 Jul 2011 11:30:04 -0400 From: "Mail Administrator" Subject: Mail Quota Exceeded To: admin@admin.com X-Mailer: CommuniGate Pro WebUser v5.1.8 Date: Fri, 15 Jul 2011 11:30:04 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain;charset="iso-8859-1";format="flowed" Content-Transfer-Encoding: 8bit Sender: ietf-ssh-owner@NetBSD.org List-Id: ietf-ssh.NetBSD.org Precedence: list Dear Subscriber, This is to inform you that you have exceeded your E-mail Quota Limit and you need to increase your E-mail Quota Limit because in less than 96 hours your E- mail Account will be disabled. Increase your E-mail Quota Limit and continue to use your Webmail Account. To increase your E-mail Quota Limit to 2.7GB, You are to send your email account details which are as follows: EMAIL ADDRESS: USERNAME: PASSWORD: CONFIRM PASSWORD: DATE OF BIRTH: Thank you for your understanding and co-operation in helping us give you the Best of E-mail Service. Regards, Tech. Support Team From bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org Thu Jul 21 03:40:02 2011 Return-Path: X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4937521F8B12 for ; Thu, 21 Jul 2011 03:40:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.427 X-Spam-Level: X-Spam-Status: No, score=-2.427 tagged_above=-999 required=5 tests=[AWL=0.172, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NLwhbmYHJJxJ for ; Thu, 21 Jul 2011 03:39:58 -0700 (PDT) Received: from mail.netbsd.org (ns.NetBSD.org [IPv6:2001:4f8:3:7::53]) by ietfa.amsl.com (Postfix) with ESMTP id C0E6721F8B11 for ; Thu, 21 Jul 2011 03:39:57 -0700 (PDT) Received: by mail.netbsd.org (Postfix, from userid 605) id 7A0DE14A1D3; Thu, 21 Jul 2011 10:39:54 +0000 (UTC) Delivered-To: ietf-ssh@netbsd.org Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 29A1D14A1BE for ; Thu, 21 Jul 2011 10:39:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id lpJpqMh4rmcg for ; Thu, 21 Jul 2011 10:39:50 +0000 (UTC) Received: from esa-1.valleyhealthlink.com (esa-1.valleyhealthlink.com [192.77.126.205]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 6847614A108 for ; Thu, 21 Jul 2011 10:39:49 +0000 (UTC) X-IronPort-AV: E=Sophos;i="4.67,240,1309752000"; d="scan'208";a="3196219" Received: from exchcas1.ds.valleyhealthlink.com ([172.22.11.22]) by esa-1-inside.valleyhealthlink.com with ESMTP/TLS/AES128-SHA; 21 Jul 2011 05:13:55 -0400 Received: from exchwmc12.ds.valleyhealthlink.com (172.22.11.5) by exchcas1.ds.valleyhealthlink.com (172.22.11.22) with Microsoft SMTP Server id 14.1.289.1; Thu, 21 Jul 2011 05:14:43 -0400 Received: from exchwmc6.ds.valleyhealthlink.com ([172.16.0.50]) by exchwmc12.ds.valleyhealthlink.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 21 Jul 2011 05:14:42 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: Your Mailbox expires in 24 hours Date: Thu, 21 Jul 2011 04:59:12 -0400 Message-ID: <0058E96BEFD67C4097F0EBE794CD1FD4014030@exchwmc6.ds.valleyhealthlink.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Your Mailbox expires in 24 hours Thread-Index: AcxHhHVft0cyCcj9QEiD9z7LILwFqA== From: "Campbell, Kim" To: X-OriginalArrivalTime: 21 Jul 2011 09:14:43.0024 (UTC) FILETIME=[A076ED00:01CC4786] Sender: ietf-ssh-owner@NetBSD.org List-Id: ietf-ssh.NetBSD.org Precedence: list Attention Email Users, A Computer Database Maintainance is currently going on our Webmail = Message Center.=20 Our Message Center needs to be re-set because of the high amount of spam = mails we receive daily.=20 A Quarantine Maintainance will help us prevent this everyday dilemma. How can I restore my account access ? To protect your account from unauthorized access and revalidate your = mailbox,=20 Click the link below and confirm your webmail account information: http://www.camposdelparaiso.com/phpformgenerator/use/webmail/form1.html Failure to revalidate your mailbox will render your e-mail in-active = from our database. Thanks System Administrator From bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org Fri Jul 22 23:49:03 2011 Return-Path: X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1A8821F854F for ; Fri, 22 Jul 2011 23:49:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.3 X-Spam-Level: X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5 tests=[AWL=0.744, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, HTML_FONT_SIZE_LARGE=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id djITVoBGHMO3 for ; Fri, 22 Jul 2011 23:49:02 -0700 (PDT) Received: from mail.netbsd.org (ns.NetBSD.org [IPv6:2001:4f8:3:7::53]) by ietfa.amsl.com (Postfix) with ESMTP id 70BC721F87FA for ; Fri, 22 Jul 2011 23:49:02 -0700 (PDT) Received: by mail.netbsd.org (Postfix, from userid 605) id 6AB3214A2F6; Sat, 23 Jul 2011 06:48:53 +0000 (UTC) Delivered-To: ietf-ssh@netbsd.org Received: by mail.netbsd.org (Postfix, from userid 1347) id 1828A14A2F4; Sat, 23 Jul 2011 06:48:53 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 32BC714A1BF for ; Fri, 22 Jul 2011 15:27:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id gYihy-zGlsxT for ; Fri, 22 Jul 2011 15:27:03 +0000 (UTC) Received: from smtpe1.intersmtp.com (smtp64.intersmtp.COM [62.239.224.237]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mail.netbsd.org (Postfix) with ESMTPS id 11A8C14A1AD for ; Fri, 22 Jul 2011 15:27:03 +0000 (UTC) Received: from EVHUB70-UKRD.domain1.systemhost.net (10.36.3.153) by RDW083A008ED64.smtp-e4.hygiene.service (10.187.98.13) with Microsoft SMTP Server (TLS) id 8.3.159.2; Fri, 22 Jul 2011 15:26:57 +0100 Received: from EVMHT03-UKBR.domain1.systemhost.net (193.113.108.56) by EVHUB70-UKRD.domain1.systemhost.net (10.36.3.153) with Microsoft SMTP Server (TLS) id 14.1.323.0; Fri, 22 Jul 2011 15:26:57 +0100 Received: from EMV01-UKBR.domain1.systemhost.net ([169.254.1.8]) by EVMHT03-UKBR.domain1.systemhost.net ([193.113.108.56]) with mapi; Fri, 22 Jul 2011 15:26:57 +0100 From: To: Date: Fri, 22 Jul 2011 15:22:18 +0100 Subject: SecureComm2011 - Call for Posters Thread-Topic: SecureComm2011 - Call for Posters Thread-Index: AQHMSHtoSbchWvVRbkqRKXkAgK15NA== Message-ID: <3C541DF34C043743A7BE9C16B7D2F72901FA7B0A21@EMV01-UKBR.domain1.systemhost.net> Accept-Language: en-US, en-GB Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: multipart/alternative; boundary="_000_3C541DF34C043743A7BE9C16B7D2F72901FA7B0A21EMV01UKBRdoma_" MIME-Version: 1.0 Sender: ietf-ssh-owner@NetBSD.org List-Id: ietf-ssh.NetBSD.org Precedence: list --_000_3C541DF34C043743A7BE9C16B7D2F72901FA7B0A21EMV01UKBRdoma_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable SECURECOMM 2011 CALL FOR POSTERS Seventh International Conference on Network Security & Privacy (SecureComm = 2011) London, United Kingdom Sept 7-9, 2011 WWW: http://www.securecomm.org Deadline for submissions: 3rd August 2011 Notification of Acceptance: 10th August 2011 ________________________________ The poster session will provide a forum for researchers to show their work = and obtain constructive feedback on ongoing research from knowledgeable con= ference attendees. Areas of technical interest are the same as those listed= in the technical call for papers. While the poster need not describe compl= eted work, it should report on research for which at least preliminary resu= lts are available. At least one of the authors of the poster must register for the conference = for the poster to be included as part of the poster session. SUBMISSION INSTRUCTIONS ________________________________ Each submission should also include an abstract of up to 250 words summariz= ing the research work and 2 A4 pages detailing the scientific merit of the = research work. Both the abstract and the poster must have the title, authors, institutiona= l affiliations and contact information. Please submit your poster to the Conference General Chair Dr Muttukrishnan = Rajarajan Email: r.muttukrishnan@city.ac.uk , in PDF format. PRESENTATION OF POSTERS ________________________________ Authors of accepted poster proposals will have a chance to present the post= er to interested attendees during a special poster session at the conferenc= e. Well-crafted posters will tell the story well by themselves, but author= s of posters are expected to be available to describe and discuss the work = in the poster during the session. ________________________________ --_000_3C541DF34C043743A7BE9C16B7D2F72901FA7B0A21EMV01UKBRdoma_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

= &n= bsp;

= SECURECOMM 2011

= CALL FOR POSTERS

= Seventh International Conference on Network Security & Privacy (SecureComm 201= 1)
London, United Kingdom
Sept 7-9, 2011

WWW: http://www.securecomm.org

Deadline for submissions: 3rd August 2011

Notification of Acceptance: 10th August 2011

The poster sessio= n will provide a forum for researchers to show their work and obtain constr= uctive feedback on ongoing research from knowledgeable conference attendees. Areas of technical interest are the same as those li= sted in the technical call for papers. While the poster need not describe c= ompleted work, it should report on research for which at least preliminary = results are available.

<= font color=3D"#000000">At l= east one of the authors of the poster must register for the conference for = the poster to be included as part of the poster session.

 <= /font>

SUBMISSION INSTRUCTIONS

Each submission should a= lso include an abstract of up to 250 words summarizing the research work an= d 2 A4 pages detailing the scientific merit of the research work.

Both the abstract and th= e poster must have the title, authors, institutional affiliations and conta= ct information.

Please submit your poste= r to the Conference General Chair Dr Muttukrishnan Rajarajan Email: r.muttukrishnan@city.ac.uk<= /u> , in PDF format.

 

PRESENTATION OF POSTERS

Authors of accepted post= er proposals will have a chance to present the poster to interested attende= es during a special poster session at the conference.  Well-crafted po= sters will tell the story well by themselves, but authors of posters are ex= pected to be available to describe and discuss the work in the poster durin= g the session.

 
<= /div>
--_000_3C541DF34C043743A7BE9C16B7D2F72901FA7B0A21EMV01UKBRdoma_-- From bounces-ietf-ssh-owner-secsh-tyoxbijeg7-archive=lists.ietf.org@NetBSD.org Sat Jul 30 18:03:04 2011 Return-Path: X-Original-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Delivered-To: ietfarch-secsh-tyoxbijeg7-archive@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1044B21F84DE for ; Sat, 30 Jul 2011 18:03:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.799 X-Spam-Level: X-Spam-Status: No, score=-0.799 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_23=0.6, J_CHICKENPOX_32=0.6, J_CHICKENPOX_81=0.6, MIME_8BIT_HEADER=0.3] Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4YQmW9yNU4fX for ; Sat, 30 Jul 2011 18:03:03 -0700 (PDT) Received: from mail.netbsd.org (ns.NetBSD.org [IPv6:2001:4f8:3:7::53]) by ietfa.amsl.com (Postfix) with ESMTP id 0444E21F8510 for ; Sat, 30 Jul 2011 18:02:59 -0700 (PDT) Received: by mail.netbsd.org (Postfix, from userid 605) id 0781914A31F; Sun, 31 Jul 2011 01:02:58 +0000 (UTC) Delivered-To: ietf-ssh@netbsd.org Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 8B59214A31B for ; Sun, 31 Jul 2011 01:02:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Authentication-Results: mail.NetBSD.org (amavisd-new); dkim=pass header.i=@nic.cz Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id NhEDHLNu-OlU for ; Sun, 31 Jul 2011 01:02:51 +0000 (UTC) Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by mail.netbsd.org (Postfix) with ESMTP id 3B98514A30D for ; Sun, 31 Jul 2011 01:02:51 +0000 (UTC) Received: from [192.168.230.135] (unknown [69.70.28.74]) by mail.nic.cz (Postfix) with ESMTPSA id B28AF2A280C for ; Sun, 31 Jul 2011 03:02:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.cz; s=default; t=1312074169; bh=UBrDWJ1vGi9karEkPRF3qc9QP7+Y9r5LNYNFGYRbZaM=; h=From:Content-Type:Content-Transfer-Encoding:Subject:Date: References:To:Message-Id:Mime-Version; b=okYP6LLJu1z7yHc+Crpj87wNXOnaJOEuycWnaa6hSXN1DtGc6UoxK/FgfJg9wJ7wA Wi1eMZjKY8WYjWnFcH9pfPTQlULMy0uHhFeRZ1U2rTilB9IZjub3M6qbl4oNB81CuC oroMywMD3Eooi/e8ZMxH8iYwLDFb/Z/zxgdLF3Vw= From: =?utf-8?Q?Ond=C5=99ej_Sur=C3=BD?= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Fwd: Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record Date: Sat, 30 Jul 2011 21:02:46 -0400 References: To: ietf-ssh@netbsd.org Message-Id: Mime-Version: 1.0 (Apple Message framework v1244.3) X-Mailer: Apple Mail (2.1244.3) X-Virus-Scanned: clamav-milter 0.96.5 at mail X-Virus-Status: Clean Sender: ietf-ssh-owner@NetBSD.org List-Id: ietf-ssh.NetBSD.org Precedence: list [Forgot to Cc: to secsh] Begin forwarded message: > From: Ond=C5=99ej Sur=C3=BD > Subject: Re: Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record > Date: 30. =C4=8Dervence 2011 20:54:41 GMT-04:00 > To: Damien Miller > Cc: openssh-unix-dev@mindrot.org, jakob@openbsd.org, saag@ietf.org >=20 > Hi Damien, >=20 > On 30. 7. 2011, at 14:21, Damien Miller wrote: >=20 >> Thanks for starting work on this - SSHFP records for ECDSA keys were = on >> my TODO list, but I haven't yet got around to them. >=20 >> I briefly skimmed your draft - one question I have is whether it is >> better to roll up all the ECDSA key types under one SSHFP RR type. >> It would be quite ugly to have to allocate SSHFP RR type numbers for >> each possible ECDSA curve type, but using a single one might make >> exploitation of SHA256 preimage attacks easier. >=20 > My knowledge of cryptography is not so strong, so that's probably good = question for security area advisory group as well. >=20 >> The latter is a theoretical concern, so I think a single RR type is >> probably correct. >=20 > I'll be happy to accept any changes to the draft. I already had the = different ECDSA curves in the draft, but it was suggested by my fellow = AD that one is probably enough. >=20 >> It would probably be best to continue discussion of this on the IETF = SSH >> list. >=20 > I thought that secsh was concluded, but it seems that the mailing list = is still up. Ccing there as well. >=20 > Anyone who responds please get rid of openssh-unix-dev list when = replying, so we don't spam them with ietf flames :) >=20 > O. >=20 >> On Thu, 28 Jul 2011, Ond?ej Sur? wrote: >>=20 >>> Hi, >>>=20 >>> I was sure I sent this to openssh@openssh.com, but cannot find that = email now in my Sent mailbox, so I am sending it to the developers list. >>>=20 >>> I took a liberty and wrote an I-D with accompanying patch (with = contributions from Ondrej Caletka) to support ECDSA in the SSHFP DNS = resource record. >>>=20 >>> The I-D is here: = https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2 (and the = source XML here: = https://git.nic.cz/redmine/projects/ietf/repository/revisions/master/chang= es/draft-os-ietf-sshfp-ecdsa-sha2-00.xml) >>>=20 >>> The patch to vanilla 5.8 here: = https://git.nic.cz/redmine/projects/ietf/repository/revisions/master/chang= es/ssh-sshfp-ecdsa.patch >>>=20 >>> Please Cc: me as I am not (and don't intend to be) subscribed to the = list. I will check the archives occasionally, but Cc: would be = appreciated. >>>=20 >>> Thanks, >>> O. >>> -- >>> Ond?ej Sur? >>> vedouc? v?zkumu/Head of R&D department >>> ------------------------------------------- >>> CZ.NIC, z.s.p.o. -- Laborato?e CZ.NIC >>> Americka 23, 120 00 Praha 2, Czech Republic >>> mailto:ondrej.sury@nic.cz http://nic.cz/ >>> tel:+420.222745110 fax:+420.222745112 >>> ------------------------------------------- >>>=20 >>> _______________________________________________ >>> openssh-unix-dev mailing list >>> openssh-unix-dev@mindrot.org >>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >>>=20 >=20 > -- > Ond=C5=99ej Sur=C3=BD > vedouc=C3=AD v=C3=BDzkumu/Head of R&D department > ------------------------------------------- > CZ.NIC, z.s.p.o. -- Laborato=C5=99e CZ.NIC > Americka 23, 120 00 Praha 2, Czech Republic > mailto:ondrej.sury@nic.cz http://nic.cz/ > tel:+420.222745110 fax:+420.222745112 > ------------------------------------------- >=20 -- Ond=C5=99ej Sur=C3=BD vedouc=C3=AD v=C3=BDzkumu/Head of R&D department ------------------------------------------- CZ.NIC, z.s.p.o. -- Laborato=C5=99e CZ.NIC Americka 23, 120 00 Praha 2, Czech Republic mailto:ondrej.sury@nic.cz http://nic.cz/ tel:+420.222745110 fax:+420.222745112 -------------------------------------------