From owner-ietf-ssh@clinet.fi  Sun Dec 14 01:41:59 1997
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by pilari.ssh.fi (8.8.8/8.8.8/EPIPE-1.10) with ESMTP id BAA21505;
	Sun, 14 Dec 1997 01:41:57 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.8.8/8.8.8/EPIPE-1.13) with ESMTP id BAA18414;
	Sun, 14 Dec 1997 01:41:55 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.8.8/8.8.6) id BAA22250
	for ietf-ssh-outgoing; Sun, 14 Dec 1997 01:33:59 +0200 (EET)
Received: from jekyll.piermont.com (jekyll.piermont.com [206.1.51.15])
	by lohi.clinet.fi (8.8.8/8.8.6) with ESMTP id BAA22245
	for <ietf-ssh@clinet.fi>; Sun, 14 Dec 1997 01:33:54 +0200 (EET)
Received: from localhost (localhost [[UNIX: localhost]]) by jekyll.piermont.com (8.8.8/8.6.12) with SMTP id SAA18084 for <ietf-ssh@clinet.fi>; Sat, 13 Dec 1997 18:29:49 -0500 (EST)
Message-Id: <199712132329.SAA18084@jekyll.piermont.com>
X-Authentication-Warning: jekyll.piermont.com: localhost [[UNIX: localhost]] didn't use HELO protocol
To: ietf-ssh@clinet.fi
Subject: Last call....
Date: Sat, 13 Dec 1997 18:29:47 -0500
From: "Perry E. Metzger" <perry@piermont.com>
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 473
Lines: 14


Given that the number of comments have settled down and the documents
appear to be near final, it appears to be appropriate to move them
forward. I'm therefore initiating a two week working group last call
ending Monday, December 29, 1997 for the following documents:

  draft-ietf-secsh-architecture-01.txt
  draft-ietf-secsh-transport-03.txt
  draft-ietf-secsh-userauth-03.txt
  draft-ietf-secsh-connect-03.txt

Speak up now if you have issues with the contents.

Perry

From owner-ietf-ssh@clinet.fi  Tue Dec 16 00:46:47 1997
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by pilari.ssh.fi (8.8.8/8.8.8/EPIPE-1.10) with ESMTP id AAA12087;
	Tue, 16 Dec 1997 00:46:44 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.8.8/8.8.8/EPIPE-1.13) with ESMTP id AAA25088;
	Tue, 16 Dec 1997 00:46:42 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.8.8/8.8.6) id AAA00928
	for ietf-ssh-outgoing; Tue, 16 Dec 1997 00:44:03 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from THOR.INNOSOFT.COM (SYSTEM@THOR.INNOSOFT.COM [192.160.253.66])
	by lohi.clinet.fi (8.8.8/8.8.6) with ESMTP id AAA00916
	for <ietf-ssh@clinet.fi>; Tue, 16 Dec 1997 00:43:48 +0200 (EET)
Received: from eleanor.innosoft.com ("port 56587"@ELEANOR.INNOSOFT.COM)
 by INNOSOFT.COM (PMDF V5.1-10 #8694)
 with SMTP id <01IR7FVPMDXG9TD5CT@INNOSOFT.COM> for ietf-ssh@clinet.fi; Mon,
 15 Dec 1997 14:38:52 PST
Date: Mon, 15 Dec 1997 14:41:13 -0800 (PST)
From: Chris Newman <Chris.Newman@INNOSOFT.COM>
Subject: Re: Last call....
In-reply-to: <199712132329.SAA18084@jekyll.piermont.com>
To: IETF Secure Shell list <ietf-ssh@clinet.fi>
Message-id: <Pine.SOL.3.95.971215135349.1617C-100000@eleanor.innosoft.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
Originator-Info: login-id=chris; server=thor.innosoft.com
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 2050
Lines: 45

I will summarize the major comments I've previously made on the list which
I don't believe were addressed on the list (I tried double checking and
couldn't find the list archive):

On Sat, 13 Dec 1997, Perry E. Metzger wrote:
>   draft-ietf-secsh-architecture-01.txt

The model for authentication agents needs to be described here or in the
connect protocol spec, or they should be removed from the connect spec and
deferred as a future extension.

>   draft-ietf-secsh-transport-03.txt

Looks great.  I hope you don't mind if I copy parts of this design in some
other protocols with similar requirements.

>   draft-ietf-secsh-userauth-03.txt

This is largely duplicating the services provided by SASL (RFC 2222) 
although it includes some new mechanisms (public key, host based).  I
would rather this was restructured as a SASL profile and mechanisms (which
only requires some minor protocol changes and no functional changes) and
I'd be willing to help do this over the holidays. The advantage to this is
that SSH could leverage new authentication mechanisms designed for other
protocols and vice versa.  I'm really tired of every protocol having its
own custom authentication framework, so every mechanism has to be designed
for every protocol.  If there are "n" TCP-based protocols needing client
connection authentication and "m" mechanisms, this results in an n*m
problem space, whereas using SASL would result in an n+m problem space.

I understand some people in the IETF security community don't like SASL,
although nobody has ever given me a satisfactory explanation as to why.
I still think an n+m specification complexity is superior to an n*m
specification complexity.  I'm quite willing to listen to arguments as to
why I'm wrong.

>   draft-ietf-secsh-connect-03.txt

I do not believe this is designed as a general purpose connection
protocol, but rather as a Unix/Posix connection protocol.  It should
either be generalized (in ways I've previously proposed) or properly
labelled as a Unix/Posix connection protocol.

		- Chris