From owner-ietf-ssh@clinet.fi  Wed Mar  3 13:24:41 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id NAA20014;
	Wed, 3 Mar 1999 13:24:41 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id NAA15001;
	Wed, 3 Mar 1999 13:24:41 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id NAA18748
	for ietf-ssh-outgoing; Wed, 3 Mar 1999 13:24:03 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from portofix.ida.liu.se (portofix.ida.liu.se [130.236.177.25])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id TAA26180
	for <ietf-ssh@clinet.fi>; Tue, 2 Mar 1999 19:39:48 +0200 (EET)
Received: from mir3 (mir3.ida.liu.se [130.236.176.33])
	by portofix.ida.liu.se (8.8.8/8.8.8) with ESMTP id SAA22013
	for <ietf-ssh@clinet.fi>; Tue, 2 Mar 1999 18:35:53 +0100 (MET)
Received: by mir3 (8.8.8+Sun/ida.slave-V1.0b6d6S2)
	id SAA23108; Tue, 2 Mar 1999 18:35:53 +0100 (MET)
Date: Tue, 2 Mar 1999 18:35:53 +0100 (MET)
Message-Id: <199903021735.SAA23108@mir3>
To: ietf-ssh@clinet.fi
From: Nahid Shahmehri <nahsh@ida.liu.se>
Subject: 1999 WET-ICE Enterprise Security Workshop
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 6241
Lines: 217



Dear Colleague, 

This mail is to remind you of the upcomming deadline for submissions
the Fourth International Workshop on Enterprise Security, to be held
as a part of IEEE WET-ICE '99 on June 16-18, 1999 at Stanford
University, California, USA. Deadline for paper submissions is March
22, 1999.

Electronic submissions are accepted. Please see the workshop web
page http://www.ida.liu.se/conferences/WETICE/SECWK/ for more
details.

Please accept my apologies if you receive this message more than once.

Enclosed is the Call For Papers. Your help in distributing the 
CFP to interested parties would be greatly appreciated.


Sincerely,

Nahid Shahmehri
Program Co-Chair

Dept. of Computer and Information Science 
Linkping University 
SE-581 83 Linkping
Sweden 

-Cut here--------------------------------------------------------------

		     FINAL CALL FOR  PAPERS

	      Submission deadline: March 22, 1999

      Fourth International Workshop on Enterprise Security
		     a WET-ICE '99 workshop
			June 16-18, 1999
	      Stanford University, California, USA

    Sponsored by the IEEE Computer Society and CERC at West
 Virginia University. Hosted by the Center for Design Research,
		      Stanford University.


	    This document is also available in HTML,
		PostScript and PDF formats from

	http://www.ida.liu.se/conferences/WETICE/SECWK/




Enterprises are becoming increasingly dependent on their information
systems to support their business and workflow activities.  There is a
need for universal electronic connectivity to support interaction and
cooperation between multiple organizations. This makes enterprise
security and confidentiality more important but at the same time more
difficult to achieve, as the multiple organizations may have
differences in their security policies and may have to interact via an
insecure Internet.

These inter-organizational enterprise systems may be very large.
Efficient tools, techniques and methodologies are therefore needed to
support the specification, analysis and implementation of security.

This workshop will focus on the problems and challenges relating to
enterprise security in inter-organizational systems. We aim to bring
together principal players from both the internetwork and the
enterprise security community and will provide plenty of time for
discussion.

Topics to be discussed include:
-------------------------------
Internet security:
* Security protocols for the Internet
* The work and efforts of IETF security groups
* Global key infrastructures

Distribution:
* Distributed database security
* Secure transactions
* Inter- and intra-organizational security
* Security of collaborative applications

Secure infrastructures:
* Secure applications and environments
* Object-oriented and CORBA Security
* Secure enterprise infrastructures
* Security algorithms
* Public key infrastructures

Security management:
* Role-based access control
* Enterprise security policies
* Security in workflow processes

The program committee welcomes both papers and panel proposals
covering these topics.  


SUBMISSIONS
-----------

Authors should submit six copies of an original paper (not submitted
or published elsewhere) to one of the Program Co-Chairs. Electronic
submissions are also accepted via the World Wide Web. Instructions
and forms are available at http://mir7.ida.liu.se:8080/SECWK/ .

Submissions should include the title of the paper, the name and
affiliation of each author, a 150-word abstract, and no more than 8
keywords. Submissions should not exceed 3000 words in length.  The
name, position, address, telephone number, and if possible, fax number
and e-mail address of the author responsible for correspondence must
be included.

A representative selection of accepted papers will published in the
workshop post-proceedings. Papers accepted for publication in the
proceedings are limited to six pages (about 2000-2500 words) in IEEE
format (two columns, single spaced, 10pt Times). Authors are strongly
encouraged to adhere to this format also when submitting
papers. Detailed information on the IEEE format (together with some
templates) is available at http://www.computer.org/cspress/instruct.htm 


PANEL PROPOSALS
---------------

Send six copies of panel proposals to the General Chair. Include a
title, a 150-word scope statement, proposed session chair and
panelists and their affiliations, the organizer's affiliation,
address, telephone and fax number, and e-mail address.


GENERAL CHAIR
-------------

Yahya Al-Salqan
Sun Microsystems
901 San Antonio Rd
Palo Alto, CA 94303
USA
E-mail: alsalqan@eng.sun.com


PROGRAM CO-CHAIRS
-----------------

Nahid Shahmehri
Dept. of Computer Science
Linkping University
S-581 83 Linkping
SWEDEN
E-mail: nahsh@ida.liu.se

Mourad Debbabi
Computer Science Department
Laval University
Ste-Foy, Quebec, G1K 7P4
CANADA
E-mail: debabi@ift.ulaval.ca




WORKSHOP PROGRAM COMMITTEE
--------------------------

Dominique Bolignano, INRIA, France
Germano Caronni, ETH-Zentrum, Switzerland
Michael Geva, Java Security Group, USA
Jean Goubault, Gie Dyade, France
Dima Hamad, Birzeit University, West Bank
Douglas Maughan, National Security Agency, USA
Steve Lloyd, Entrust, Canada
Gary McGraw, Reliable Software Technologies Inc., USA
Aravindan Ranganathan, Sun Microsystems, USA
Sumitra Reddy, CERC, West Virginia University, USA
Vipin Samar, Oracle, USA
Bill Soley, Sun Microsystems, USA
Robert Thomys, BSI, Germany
Mark Vandenwauver, K.U. Leuven, Belgium
Wu Wen, NASA Ames Research Center, USA
Tatu Ylnen, SSH Communications Security, Finland
Nick Zhang, Trans Enterprise Technologies Inc., USA
Qun Zhong, HP Extend Enterprise Lab, USA



IMPORTANT DATES
---------------

Papers and panel proposals due  March 22, 1999
Authors notified of acceptance  April 26, 1999
Workshop                        June 16-18, 1999
Camera ready manuscripts due    June 30, 1999



INQUIRIES
---------  

For further information, please contact one of the Chairs, 
or visit the workshop web pages: 
  http://www.ida.liu.se/conferences/WETICE/SECWK/

For inquires regarding WET ICE in general, contact 
wetice@cerc.wvu.edu or call (U.S.) +1-304-293-7226, or
visit 
  http://www.ida.liu.se/conferences/WETICE/






From owner-ietf-ssh@clinet.fi  Thu Mar  4 13:03:01 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id NAA05545;
	Thu, 4 Mar 1999 13:02:59 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id NAA25862;
	Thu, 4 Mar 1999 13:02:59 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id NAA12997
	for ietf-ssh-outgoing; Thu, 4 Mar 1999 13:02:22 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by lohi.clinet.fi (8.9.1/8.9.0) with SMTP id RAA28479
	for <ietf-ssh@clinet.fi>; Wed, 3 Mar 1999 17:19:24 +0200 (EET)
Received: from Eng.Sun.COM (engmail4 [129.144.134.6]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id HAB19668; Wed, 3 Mar 1999 07:14:20 -0800
Received: from basilisk.Eng.Sun.COM (basilisk.Eng.Sun.COM [129.144.153.121])
	by Eng.Sun.COM (8.8.8+Sun/SMI-5.3) with SMTP id HAA13412;
	Wed, 3 Mar 1999 07:14:18 -0800 (PST)
Received: from JaffaGate by basilisk.Eng.Sun.COM (SMI-8.6/SMI-SVR4)
	id HAA03755; Wed, 3 Mar 1999 07:14:06 -0800
Message-ID: <003301be6589$67bb36c0$e83c9c81@JaffaGate>
Reply-To: "Yahya Al-Salqan" <alsalqan@Eng.Sun.COM>
From: "Yahya Al-Salqan" <alsalqan@Eng.Sun.COM>
To: <ietf-pkix@imc.org>, <ietf-smime@imc.org>, <ietf-ssh@clinet.fi>,
        <spki@c2.net>
Cc: <www-security@ns2.Rutgers.EDU>
Subject: Fw: 1999 WET-ICE Enterprise Security Workshop
Date: Wed, 3 Mar 1999 07:20:34 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.0518.4
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.0518.4
X-MIME-Autoconverted: from 8bit to quoted-printable by Eng.Sun.COM id HAA13412
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by lohi.clinet.fi id RAA28481
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 6213
Lines: 219



Dear Colleague,

This mail is to remind you of the upcomming deadline for submissions
the Fourth International Workshop on Enterprise Security, to be held
as a part of IEEE WET-ICE '99 on June 16-18, 1999 at Stanford
University, California, USA. Deadline for paper submissions is March
22, 1999.

Electronic submissions are accepted. Please see the workshop web
page http://www.ida.liu.se/conferences/WETICE/SECWK/ for more
details.

Please accept my apologies if you receive this message more than once.

Enclosed is the Call For Papers. Your help in distributing the
CFP to interested parties would be greatly appreciated.


Sincerely,

Nahid Shahmehri
Program Co-Chair

Dept. of Computer and Information Science
Linkping University
SE-581 83 Linkping
Sweden

-Cut here--------------------------------------------------------------

     FINAL CALL FOR  PAPERS

      Submission deadline: March 22, 1999

      Fourth International Workshop on Enterprise Security
     a WET-ICE '99 workshop
June 16-18, 1999
      Stanford University, California, USA

    Sponsored by the IEEE Computer Society and CERC at West
Virginia University. Hosted by the Center for Design Research,
      Stanford University.


    This document is also available in HTML,
PostScript and PDF formats from

http://www.ida.liu.se/conferences/WETICE/SECWK/




Enterprises are becoming increasingly dependent on their information
systems to support their business and workflow activities.  There is a
need for universal electronic connectivity to support interaction and
cooperation between multiple organizations. This makes enterprise
security and confidentiality more important but at the same time more
difficult to achieve, as the multiple organizations may have
differences in their security policies and may have to interact via an
insecure Internet.

These inter-organizational enterprise systems may be very large.
Efficient tools, techniques and methodologies are therefore needed to
support the specification, analysis and implementation of security.

This workshop will focus on the problems and challenges relating to
enterprise security in inter-organizational systems. We aim to bring
together principal players from both the internetwork and the
enterprise security community and will provide plenty of time for
discussion.

Topics to be discussed include:
-------------------------------
Internet security:
* Security protocols for the Internet
* The work and efforts of IETF security groups
* Global key infrastructures

Distribution:
* Distributed database security
* Secure transactions
* Inter- and intra-organizational security
* Security of collaborative applications

Secure infrastructures:
* Secure applications and environments
* Object-oriented and CORBA Security
* Secure enterprise infrastructures
* Security algorithms
* Public key infrastructures

Security management:
* Role-based access control
* Enterprise security policies
* Security in workflow processes

The program committee welcomes both papers and panel proposals
covering these topics.


SUBMISSIONS
-----------

Authors should submit six copies of an original paper (not submitted
or published elsewhere) to one of the Program Co-Chairs. Electronic
submissions are also accepted via the World Wide Web. Instructions
and forms are available at http://mir7.ida.liu.se:8080/SECWK/ .

Submissions should include the title of the paper, the name and
affiliation of each author, a 150-word abstract, and no more than 8
keywords. Submissions should not exceed 3000 words in length.  The
name, position, address, telephone number, and if possible, fax number
and e-mail address of the author responsible for correspondence must
be included.

A representative selection of accepted papers will published in the
workshop post-proceedings. Papers accepted for publication in the
proceedings are limited to six pages (about 2000-2500 words) in IEEE
format (two columns, single spaced, 10pt Times). Authors are strongly
encouraged to adhere to this format also when submitting
papers. Detailed information on the IEEE format (together with some
templates) is available at http://www.computer.org/cspress/instruct.htm


PANEL PROPOSALS
---------------

Send six copies of panel proposals to the General Chair. Include a
title, a 150-word scope statement, proposed session chair and
panelists and their affiliations, the organizer's affiliation,
address, telephone and fax number, and e-mail address.


GENERAL CHAIR
-------------

Yahya Al-Salqan
Sun Microsystems
901 San Antonio Rd
Palo Alto, CA 94303
USA
E-mail: alsalqan@eng.sun.com


PROGRAM CO-CHAIRS
-----------------

Nahid Shahmehri
Dept. of Computer Science
Linkping University
S-581 83 Linkping
SWEDEN
E-mail: nahsh@ida.liu.se

Mourad Debbabi
Computer Science Department
Laval University
Ste-Foy, Quebec, G1K 7P4
CANADA
E-mail: debabi@ift.ulaval.ca




WORKSHOP PROGRAM COMMITTEE
--------------------------

Dominique Bolignano, INRIA, France
Germano Caronni, ETH-Zentrum, Switzerland
Michael Geva, Java Security Group, USA
Jean Goubault, Gie Dyade, France
Dima Hamad, Birzeit University, West Bank
Douglas Maughan, National Security Agency, USA
Steve Lloyd, Entrust, Canada
Gary McGraw, Reliable Software Technologies Inc., USA
Aravindan Ranganathan, Sun Microsystems, USA
Sumitra Reddy, CERC, West Virginia University, USA
Vipin Samar, Oracle, USA
Bill Soley, Sun Microsystems, USA
Robert Thomys, BSI, Germany
Mark Vandenwauver, K.U. Leuven, Belgium
Wu Wen, NASA Ames Research Center, USA
Tatu Ylnen, SSH Communications Security, Finland
Nick Zhang, Trans Enterprise Technologies Inc., USA
Qun Zhong, HP Extend Enterprise Lab, USA



IMPORTANT DATES
---------------

Papers and panel proposals due  March 22, 1999
Authors notified of acceptance  April 26, 1999
Workshop                        June 16-18, 1999
Camera ready manuscripts due    June 30, 1999



INQUIRIES
---------

For further information, please contact one of the Chairs,
or visit the workshop web pages:
  http://www.ida.liu.se/conferences/WETICE/SECWK/

For inquires regarding WET ICE in general, contact
wetice@cerc.wvu.edu or call (U.S.) +1-304-293-7226, or
visit
  http://www.ida.liu.se/conferences/WETICE/








From owner-ietf-ssh@clinet.fi  Thu Mar  4 15:09:37 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id PAA05027;
	Thu, 4 Mar 1999 15:09:33 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id PAA27025;
	Thu, 4 Mar 1999 15:09:32 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id PAA03904
	for ietf-ssh-outgoing; Thu, 4 Mar 1999 15:10:18 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from nic.carlstedt.se (nic.carlstedt.se [193.12.107.10])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id PAA03866
	for <ietf-ssh@clinet.fi>; Thu, 4 Mar 1999 15:10:12 +0200 (EET)
Received: from giraf.carlstedt.se (root@giraf.carlstedt.se [172.16.1.10])
	by nic.carlstedt.se (8.9.3/8.9.3) with ESMTP id OAA09487
	for <ietf-ssh@clinet.fi>; Thu, 4 Mar 1999 14:05:18 +0100 (MET)
Received: from carlstedt.se (maf@aston.carlstedt.se [172.16.1.90])
	by giraf.carlstedt.se (8.9.3/8.9.3) with ESMTP id OAA29658
	for <ietf-ssh@clinet.fi>; Thu, 4 Mar 1999 14:05:14 +0100 (MET)
Message-Id: <199903041305.OAA29658@giraf.carlstedt.se>
Date: Thu, 4 Mar 1999 14:05:11 +0100 (MET)
From: Martin Forssen <maf@crt.se>
Subject: Potential problem in the secsh-userauth draft
To: ietf-ssh@clinet.fi
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 942
Lines: 26

I think I have found a can of worms in the userauth draft. Which we
can either close the lid on quickly by adding restrictions to the
draft or we can open it and do the better, but not backwards-compatible,
solution.

The problem lies in this statement: "The client MAY send several
authentication requests without waiting for responses from previous
requests." (draft-ietf-secsh-userauth-05.txt section 2.2). If the
client initiates multiple authentication requests in parallell then
it has no way of knowing which answer goes with which request.

I see three possible solutions to this problem:

1. Remove the text which allows the client to sent multiple request
   without waiting for an answer.

2. Add text which states that the server MUST respond to the requests
   in the same order which they arrived.

3. Fix the protocol so that the replies can be tied to the specific
   requests.

Personally I would prefer solution #2.

	/MaF

From owner-ietf-ssh@clinet.fi  Fri Mar  5 00:53:12 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id AAA10296;
	Fri, 5 Mar 1999 00:53:11 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id AAA01060;
	Fri, 5 Mar 1999 00:53:10 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id AAA12449
	for ietf-ssh-outgoing; Fri, 5 Mar 1999 00:51:42 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from ratbert.iconnet.net (ratbert.iconnet.net [209.3.247.87])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id AAA12445
	for <ietf-ssh@clinet.fi>; Fri, 5 Mar 1999 00:51:40 +0200 (EET)
Received: from iconnet.net (localhost [127.0.0.1])
	by ratbert.iconnet.net (8.9.2/8.9.1) with ESMTP id RAA17450
	for <ietf-ssh@clinet.fi>; Thu, 4 Mar 1999 17:49:44 -0500 (EST)
Message-Id: <199903042249.RAA17450@ratbert.iconnet.net>
X-Mailer: exmh version 2.0.2 2/24/98
To: ietf-ssh@clinet.fi
Subject: problem with secsh-userauth-05
Date: Thu, 04 Mar 1999 17:49:44 -0500
From: Frank Cusack <fcusack@iconnet.net>
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 680
Lines: 18

Martin Forssen <maf@crt.se> and myself have discovered a problem
with the userauth draft:

Par 2.1 states:

  An authentication request MAY result in a further exchange of messages.
  All such messages depend on the authentication method used, and the
  client MAY at any time continue with a new SSH_MSG_USERAUTH_REQUEST
  message, in which case the server MUST abandon the previous
  authentication attempt and continue with the new one.

But 2 of the example authentications (par 4 & 5) use the
SSH_MSG_USERAUTH_REQUEST message to *continue* the authentication
process. According to 2.1, this is not allowed. It would be
better to define new messages for continuance.

~frank

From owner-ietf-ssh@clinet.fi  Fri Mar  5 03:48:46 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id DAA10839;
	Fri, 5 Mar 1999 03:48:46 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id DAA02820;
	Fri, 5 Mar 1999 03:48:46 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id DAA23642
	for ietf-ssh-outgoing; Fri, 5 Mar 1999 03:46:15 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from ietf.org (odin.ietf.org [132.151.1.176])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id DAA23638
	for <ietf-ssh@clinet.fi>; Fri, 5 Mar 1999 03:46:12 +0200 (EET)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA20947;
	Thu, 4 Mar 1999 20:41:22 -0500 (EST)
Message-Id: <199903050141.UAA20947@ietf.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce: ;
Cc: ietf-ssh@clinet.fi
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-secsh-auth-kbdinteract-00.txt
Date: Thu, 04 Mar 1999 20:41:21 -0500
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 2776
Lines: 84

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Shell Working Group of the IETF.

	Title		: Generic Message Exchange Authentication For SSH
	Author(s)	: F. Cusack, M. Forssen
	Filename	: draft-ietf-secsh-auth-kbdinteract-00.txt
	Pages		: 8
	Date		: 03-Mar-99
	
   SSH is a protocol for secure remote login and other secure network
   services over an insecure network.  This document describes a general
   purpose authentication method for the SSH protocol, suitable for
   interactive authentications where the authentication data should be
   entered via a keyboard.  The major goal of this method is to allow
   the SSH client to have little or no knowledge of the underlying
   authentication mechanism(s) used by the SSH server.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-secsh-auth-kbdinteract-00.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-secsh-auth-kbdinteract-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-secsh-auth-kbdinteract-00.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body;
	access-type="mail-server";
	server="mailserv@ietf.org"

Content-Type: text/plain
Content-ID:	<19990303151102.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-secsh-auth-kbdinteract-00.txt

--OtherAccess
Content-Type: Message/External-body;
	name="draft-ietf-secsh-auth-kbdinteract-00.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID:	<19990303151102.I-D@ietf.org>

--OtherAccess--

--NextPart--


From owner-ietf-ssh@clinet.fi  Mon Mar  8 13:03:18 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id NAA08080;
	Mon, 8 Mar 1999 13:03:18 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id NAA27997;
	Mon, 8 Mar 1999 13:03:18 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id MAA03656
	for ietf-ssh-outgoing; Mon, 8 Mar 1999 12:59:25 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from stax05.cubis.de (wks1.cubis.de [194.112.101.50])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id JAA25539;
	Mon, 8 Mar 1999 09:25:48 +0200 (EET)
Received: from secunet.de (huehnlein.cubis.de [10.0.129.33]) by stax05.cubis.de (8.7.5/8.7.3) with ESMTP id IAA25676; Mon, 8 Mar 1999 08:13:00 +0100 (MET)
Message-ID: <36E385DD.7BF06F31@secunet.de>
Date: Mon, 08 Mar 1999 08:10:05 +0000
From: "Detlef =?iso-8859-1?Q?H=FChnlein?=" <huehnlein@secunet.de>
Organization: Secunet GmbH - The Trust Company
X-Mailer: Mozilla 4.03 [en] (WinNT; I)
MIME-Version: 1.0
To: "cqre@secunet.de" <cqre@secunet.de>
Subject: Call for Papers: CQRE
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by lohi.clinet.fi id JAA25540
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 5701
Lines: 152

(As some of you have problems with the html-version of the CFP
you will find the full version below. Sorry for this inconvenience.)


***************************************************************
                     Call for Papers
            CQRE [Secure] Congress & Exhibition
       Duesseldorf, Germany, Nov. 30 - Dec. 2 1999
---------------------------------------------------------------
provides a new international forum covering most aspects of
information security with a special focus to the role of
information security in the context of rapidly evolving economic
processes.
---------------------------------------------------------------
 Deadline for submission of extended abstracts: May 14, 1999
website: http://www.secunet.de/forum/cqre.html
mailing-list: send mailto:cqre@secunet.de 
(where the subject is "subscribe" without paranthesis)
***************************************************************

The "CQRE - secure networking" provides a new international
forum giving a close-up view on information security in the context
of rapidly evolving economic processes. The unprecedented
reliance on computer technology transformed the previous technical
side- issue "information security'' to a management problem
requiring decisions of strategic importance. Hence, the targeted
audience represents decision makers from government, industry,
commercial, and academic communities. If you are developing
solutions to problems relating to the protection of your countrys
information infrastructure or a commercial enterprise, consider
submitting a paper to the "CQRE - secure networking" conference.

We are looking for papers and panel discussions covering:
. electronic commerce
 - new business processes
 - secure business transactions
 - online merchandising
 - electronic payment / banking
 - innovative applications

. network security
 - virtual private networks
 - security aspects in internet utilization
 - security aspects in multimedia-
   applications
- intrusion detection systems

. legal aspects
 - digital signatures acts
 - privacy and anonymity
 - crypto regulation
 - liability

. corporate security
 - access control
 - secure teleworking
 - enterprise key management
 - IT-audit
 - risk / disaster management
 - security awareness and training
 - implementation, accreditation, and
   operation of secure systems in a
   government, business, or industry
   environment

. security technology
 - cryptography
 - public key infrastructures
 - chip card technology
 - biometrics

. trust management
 - evaluation of products and systems
 - international harmonization of security
   evaluation criterias
. standardization
. future perspectives

Any other contribution addressing the involvement of IT security in
economic processes will be welcome. Authors are invited to submit
an extended abstract of their contribution to the program chair.
The submissions should be original research results, survey
articles or ``high quality'' case studies and position papers.
Product advertisements are welcome for presentation, but will not
be considered for the proceedings. Manuscripts must be in English,
and not more than 2.000 words. The extended abstracts should be in
a form suitable for anonymous review, with no author names,
affiliations, acknowledgements or obvious references. Contributions
must not be submitted in parallel to any conference or workshop
that has proceedings. Separately, an abstract of the paper with no
more than 200 words and with title, name and addresses (incl. an
E-mail address) of the authors shall be submitted. In the case of
multiple authors the contacting author must be clearly identified.
We strongly encourage electronic submission in Postscript format.
The submissions must be in 11pt format, use standard fonts or
include the necessary fonts. Proposals for panel discussions should
also be sent to the program chair. Panels of interest include those
that present alternative/controversial viewpoints or those that
encourage lively discussions of relevant issues. Panels that are
collections of unrefereed papers will not be considered. Panel
proposals should be a minimum of one page describing the subject
matter, the appropriateness of the panel for this conference and
should identify participants and their respective viewpoints.

mailing list/ web-site:
-----------------------
If you want to receive emails with subsequent Call for Papers and
registration information, please send a brief mail to
cqre@secunet.de. You will find this call for papers and further
information at http://www.secunet.de/forum/cqre.html .

important dates:
----------------
deadline for submission of extended abstracts May 14, 1999
deadline for submission of panel proposals    June 1, 1999
notification of acceptance                   June 25, 1999
deadline for submission of complete papers   July 30, 1999

program chair:
--------------
secunet - Security Networks GmbH
c/o Rainer Baumgart 
Weidenauer Str. 223 - 225
57076 Siegen
Germany
Tel.: +49-271-48950-15
Fax:  +49-271-48950-50
R.Baumgart@secunet.de


program committee:
------------------
Johannes Buchmann   (TU Darmstadt)
Dirk Fox            (Secorvo)
Walter Fumy         (Siemens)
Rdiger Grimm       (GMD)
Helena Handschuh    (ENST/Gemplus)
Thomas Hoeren       (Uni Muenster)
Pil Joong Lee       (POSTECH)
Alfred Menezes      (U.o.Waterloo/Certicom)
David Naccache      (Gemplus)
Clifford Neumann    (USC)
Mike Reiter         (Bell Labs)
Matt Robshaw        (RSA)
Richard Schlechter  (EU-comm.)
Bruce Schneier      (Counterpane)
Tsuyoshi Takagi     (NTT)
Yiannis Tsiounis    (GTE Labs)
Michael Waidner     (IBM)
Moti Yung           (CERTCO)
Robert Zuccherato   (Entrust)

From owner-ietf-ssh@clinet.fi  Wed Mar 10 12:45:38 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id MAA06738;
	Wed, 10 Mar 1999 12:45:37 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id MAA22367;
	Wed, 10 Mar 1999 12:45:37 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id MAA20622
	for ietf-ssh-outgoing; Wed, 10 Mar 1999 12:38:43 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from hutcs.cs.hut.fi (kivinen@hutcs.cs.hut.fi [130.233.192.7])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id OAA14580
	for <ietf-ssh@clinet.fi>; Mon, 8 Mar 1999 14:02:12 +0200 (EET)
Received: (from kivinen@localhost) by hutcs.cs.hut.fi (8.8.8/8.8.8) id OAA19737; Mon, 8 Mar 1999 14:01:52 +0200 (EET)
Date: Mon, 8 Mar 1999 14:01:52 +0200 (EET)
Message-Id: <199903081201.OAA19737@hutcs.cs.hut.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: Tero Kivinen <kivinen@iki.fi>
To: Frank Cusack <fcusack@iconnet.net>
Cc: ietf-ssh@clinet.fi
Subject: problem with secsh-userauth-05
In-Reply-To: <199903042249.RAA17450@ratbert.iconnet.net>
References: <199903042249.RAA17450@ratbert.iconnet.net>
X-Mailer: VM 6.33 under Emacs 19.34.1
Organization: Helsinki University of Technology
X-Edit-Time: 6 min
X-Total-Time: 5 min
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1904
Lines: 46

Frank Cusack writes:
> Martin Forssen <maf@crt.se> and myself have discovered a problem
> with the userauth draft:
> Par 2.1 states:
>   An authentication request MAY result in a further exchange of messages.
>   All such messages depend on the authentication method used, and the
>   client MAY at any time continue with a new SSH_MSG_USERAUTH_REQUEST
>   message, in which case the server MUST abandon the previous
>   authentication attempt and continue with the new one.
> But 2 of the example authentications (par 4 & 5) use the
> SSH_MSG_USERAUTH_REQUEST message to *continue* the authentication
> process.

If you refer to the public key authentication method, it does not use
SSH_MSG_USERAUTH_REQUEST to continue the authentication, it may use
several indipendant authentication mehtods request, the first ones are
used to try if that public key can be used to authenticate user, and
when it finds that one public key can be used then it uses that to do
the actual authentication.

Client is allowed to do following:

SSH_MSG_USERAUTH_REQUEST, kivinen, terminal, publickey, FALSE, pubkey-1
SSH_MSG_USERAUTH_REQUEST, kivinen, terminal, publickey, FALSE, pubkey-2
SSH_MSG_USERAUTH_REQUEST, kivinen, terminal, publickey, FALSE, pubkey-3
SSH_MSG_USERAUTH_REQUEST, kivinen, terminal, publickey, FALSE, pubkey-4

And the server can respond

SSH_MSG_USERAUTH_FAILURE
SSH_MSG_USERAUTH_FAILURE
SSH_MSG_USERAUTH_PK_OK
SSH_MSG_USERAUTH_FAILURE

and then client knows that pubkey-3 is valid for authentication and
send 

SSH_MSG_USERAUTH_REQUEST, kivinen, terminal, publickey, TRUE, pubkey-3, sig

> According to 2.1, this is not allowed. It would be
> better to define new messages for continuance.
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

From owner-ietf-ssh@clinet.fi  Thu Mar 11 12:32:38 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id MAA09789;
	Thu, 11 Mar 1999 12:32:38 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id MAA05653;
	Thu, 11 Mar 1999 12:32:37 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id MAA23424
	for ietf-ssh-outgoing; Thu, 11 Mar 1999 12:27:38 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from tnt.isi.edu (tnt.isi.edu [128.9.128.128])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id GAA05212
	for <ietf-ssh@clinet.fi>; Thu, 11 Mar 1999 06:20:13 +0200 (EET)
Received: from cayman-islands.isi.edu (cayman-islands.isi.edu [128.9.160.140])
	by tnt.isi.edu (8.8.7/8.8.6) with ESMTP id UAA27909;
	Wed, 10 Mar 1999 20:18:56 -0800 (PST)
Received: (from bcn@localhost)
	by cayman-islands.isi.edu (8.8.7/8.8.6) id UAA15042;
	Wed, 10 Mar 1999 20:18:55 -0800 (PST)
Date: Wed, 10 Mar 1999 20:18:55 -0800 (PST)
Message-Id: <199903110418.UAA15042@cayman-islands.isi.edu>
From: Clifford Neuman <bcn@ISI.EDU>
To: the-computer-security-community@ISI.EDU
Subject: Workshop on Countering Cyber-Terrorism
Reply-to: bcn@ISI.EDU
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 2743
Lines: 57

		      Countering Cyber-Terrorism
			      June 22-23
		      Marina del Rey, California
      A workshop sponsored by the Information Sciences Institute
	       of the University of Southern California

			Call for Participation

Recent studies warn of Cyber-Terrorism and the vulnerability of our
computer systems and infrastructure to attack. These reports identify
damage that determined, knowledgeable, and well-financed adversaries
could inflict on commercial, government, and military systems.  Such
attacks would have severe consequences for the public, and in
particular the economy, which has become dependant on computers and
communications infrastructure.

The objective of this workshop is to identify things that should be
done to improve our ability to detect, protect against, contain,
neutralize, mitigate the effects of, and recover from cyber-terrorist
attacks.  Participants are sought from the computer security,
electronic commerce and banking, network infrastructure, military, and
counter-terrorism communities, as well as those with experience of
cyber-terrorist attacks.  Recommendations may suggest research and
development or operational measures that can be taken.  The workshop
is NOT a forum for presentation of the latest security systems,
protocols or algorithms.  The workshop will address the strategies,
framework, and infrastructure required to combine and incrementally
deploy such technologies to counter the cyber-terrorist threat.

Attendance will be limited to approximately 25 participants.
Participants will be selected on the basis of submitted position
papers that raise issues for the workshop to discuss, identify threats
or countermeasures, or propose strategies or infrastructure to counter
the threat of cyber-terrorism. Position papers should be four pages or
less in length.  Submissions should be sent in e-mail in Word or PDF
format, or as ASCII text to cyber-terrorism-ws@isi.edu.

Please check the web page http://www.isi.edu/cctws for more
information, including a position paper from the organizers which will
be available two weeks prior to the submission deadline.

Important Dates:

  Organizer's Paper Available              April  5, 1999
  Position Papers Due                      April 19, 1999
  Notification of Acceptance               May 1, 1999
  Revised Position Papers Due              May 28, 1999
  Position Papers Available on Web         June 9
  Workshop Dates                           June 22-23

Organizing Committee:

   Bob Balzer, Information Sciences Institute, Balzer@isi.edu
   Thomas Longstaff, CERT Coordination Center, tal@cert.org
   Don Faatz, the MITRE Corporation, dfaatz@mitre.org 
   Clifford Neuman, Information Sciences Institute, bcn@isi.edu

From owner-ietf-ssh@clinet.fi  Mon Mar 15 12:37:56 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id MAA26470;
	Mon, 15 Mar 1999 12:37:40 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id MAA01516;
	Mon, 15 Mar 1999 12:36:18 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id MAA29881
	for ietf-ssh-outgoing; Mon, 15 Mar 1999 12:30:34 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from bren.aec.cz (IDENT:root@bren.aec.cz [194.212.151.66])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id NAA25147
	for <ietf-ssh@clinet.fi>; Fri, 12 Mar 1999 13:13:00 +0200 (EET)
Received: from tomik (pokorny [192.168.1.15])
	by bren.aec.cz (8.8.7/8.8.7) with SMTP id MAA15935
	for <ietf-ssh@clinet.fi>; Fri, 12 Mar 1999 12:12:35 +0100
Message-ID: <000701be6c79$221fbae0$0f01a8c0@tomik.aec.cz>
From: "=?iso-8859-2?B?VG9t4bkgVm9icnViYQ==?=" <vobruba@aec.cz>
To: <ietf-ssh@clinet.fi>
Subject: one question :-)
Date: Fri, 12 Mar 1999 12:11:51 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0004_01BE6C81.83376820"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 1678
Lines: 52

This is a multi-part message in MIME format.

------=_NextPart_000_0004_01BE6C81.83376820
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Hi,

I have one question to technical support about ssh client and ssh server =
...
Does ssh server and client 2.x work on OS HP-UX 10.20 and 10.10 and on =
Solaris 2.6 or higher ??

thanks a lot ...
                                Tomas Vobruba


------=_NextPart_000_0004_01BE6C81.83376820
Content-Type: text/html;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>

<META content=3Dtext/html;charset=3Diso-8859-2 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.72.3110.7"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#000000 size=3D2>Hi,</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>I have one question to technical =
support about=20
ssh client and ssh server ...</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2>Does ssh server and client 2.x work =
on OS HP-UX=20
10.20 and 10.10 and on Solaris 2.6 </FONT><FONT color=3D#000000 =
size=3D2>or higher=20
??<BR></FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2>thanks a lot ...</FONT></DIV>
<DIV><FONT color=3D#000000=20
size=3D2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
Tomas Vobruba</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_0004_01BE6C81.83376820--

From owner-ietf-ssh@clinet.fi  Wed Mar 17 13:13:48 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id NAA07724;
	Wed, 17 Mar 1999 13:13:47 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id NAA24365;
	Wed, 17 Mar 1999 13:13:46 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id NAA24284
	for ietf-ssh-outgoing; Wed, 17 Mar 1999 13:06:56 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from barbar.esat.kuleuven.ac.be (root@barbar.esat.kuleuven.ac.be [134.58.56.153])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id KAA28060
	for <ietf-ssh@clinet.fi>; Wed, 17 Mar 1999 10:44:01 +0200 (EET)
Received: from domus.esat.kuleuven.ac.be (domus.esat.kuleuven.ac.be [134.58.189.68]) by barbar (version 8.8.5)  with ESMTP
	id JAA17405; Wed, 17 Mar 1999 09:40:04 +0100 (MET)
Organization: ESAT, K.U.Leuven, Belgium
Date: Wed, 17 Mar 1999 09:40:04 +0100 (MET)
From: "CMS'99" <cms99@esat.kuleuven.ac.be>
To: cms99@esat.kuleuven.ac.be
Subject: Communications and Multimedia Security '99
Message-ID: <Pine.HPX.4.05.9903170933330.15612-100000@domus.esat.kuleuven.ac.be>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 192
Lines: 12


[Apologies if you receive this more than once]

NEW DEADLINE FOR THE CMS'99 CONFERENCE: 

April 2nd, 1999

The call for papers can be found at 
http://www.esat.kuleuven.ac.be/cosic/cms99/



From owner-ietf-ssh@clinet.fi  Wed Mar 24 12:52:36 1999
Return-Path: <owner-ietf-ssh@clinet.fi>
Received: from ssh.fi (muuri.ssh.fi [192.168.2.254])
	by torni.ssh.fi (8.9.1/8.9.1/EPIPE-1.13) with ESMTP id MAA07862;
	Wed, 24 Mar 1999 12:52:35 +0200 (EET)
Received: from lohi.clinet.fi (majordom@lohi.clinet.fi [194.100.0.7])
	by ssh.fi (8.9.1/8.9.1/EPIPE-1.15) with ESMTP id MAA02873;
	Wed, 24 Mar 1999 12:52:34 +0200 (EET)
Received: (from majordom@localhost)
	by lohi.clinet.fi (8.9.1/8.9.0) id MAA16770
	for ietf-ssh-outgoing; Wed, 24 Mar 1999 12:49:56 +0200 (EET)
X-Authentication-Warning: lohi.clinet.fi: majordom set sender to owner-ietf-ssh@clinet.fi using -f
Received: from relay.gw.tislabs.com (firewall-user@relay.hq.tis.com [192.94.214.100])
	by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id TAA14267
	for <ietf-ssh@clinet.fi>; Mon, 22 Mar 1999 19:10:48 +0200 (EET)
Received: by relay.gw.tislabs.com; id MAA15180; Mon, 22 Mar 1999 12:18:23 -0500 (EST)
Received: from clipper.hq.tis.com(10.33.1.2) by relay.gw.tislabs.com via smap (4.1)
	id xma015171; Mon, 22 Mar 99 12:18:03 -0500
Received: from balenson.hq.tis.com (balenson.hq.tis.com [10.33.80.11])
	by clipper.hq.tis.com (8.9.1/8.9.1) with SMTP id MAA19753;
	Mon, 22 Mar 1999 12:06:44 -0500 (EST)
Message-Id: <199903221706.MAA19753@clipper.hq.tis.com>
X-Sender: balenson@pop.hq.tis.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
Date: Mon, 22 Mar 1999 12:07:02 -0500
To: ietf-ssh@clinet.fi
From: "David M. Balenson" <balenson@tislabs.com>
Subject: CFP: ISOC Year 2000 Network & Distr. System Security (NDSS
  2000)
Cc: balenson@tislabs.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-ssh@clinet.fi
Precedence: bulk
Content-Length: 6839
Lines: 173


            C  A  L  L       F  O  R       P  A  P  E  R  S


                          The Internet Society
           Year 2000 Network and Distributed System Security 
                         Symposium (NDSS 2000)

             Catamaran Resort Hotel, San Diego, California
                           February 2-4, 2000


IMPORTANT DATES:

  Paper and panel submissions due: June 16, 1999
  Author notification: August 17, 1999
  Final versions of papers and panels due: October 15, 1999

GOAL: 

  This symposium aims to foster information exchange among researchers
  and practitioners of network and distributed system security
  services.  The intended audience includes those who are interested
  in practical aspects of network and distributed system security,
  with the focus on actual system design and implementation, rather
  than theory. A major goal of the symposium is to encourage and
  enable the Internet community to apply, deploy, and advance the
  state of available security technology.  The proceedings of the
  symposium will be published by the Internet Society.

  Submissions are solicited for, but are not limited to, the
  following topics:

  * Secure Electronic Commerce, e.g., payment, barter, EDI,
    notarization/timestamping, endorsement and licensing.
  * Intellectual Property Protection: protocols, schemas,
    implementations, metering, watermarking, other forms of rights
    management.
  * Implementation, deployment and management of network security
    policies.
  * Integrating Security in Internet protocols: routing, naming,
    TCP/IP, multicast, network management, and, of course, the Web.
  * Attack-resistant protocols and services.
  * Special problems and case studies: e.g. interplay and tradeoffs
    between security and efficiency, usability, reliability and cost.
  * Security for collaborative applications and services: tele- and
    video-conferencing, groupwork, etc.
  * Fundamental services: authentication, data integrity,
    confidentiality, authorization, non-repudiation, and availability.
  * Supporting mechanisms and APIs: key management and certification,
    revocation, audit trails and accountability.
  * Integrating security services with system and application security
    facilities and protocols, e.g., message handling, file
    transport/access, directories, time synchronization, data base
    management, boot services, mobile computing.
  * Security for emerging technologies -- sensor networks, specialized
    testbeds, wireless/mobile (and ad hoc) networks, personal
    communication systems, and large heterogeneous distributed systems.
  * Intrusion Avoidance, Detection, and Response: systems, experiences
    and architectures
  * Network Perimeter Controls: firewalls, packet filters, application
    gateways.

BEST PAPER AWARD:

  A best paper award will be introduced at NDSS 2000. This award will
  be presented at the symposium to the authors of the best paper to
  be selected by the program committee.

GENERAL CHAIR:
  Stephen Welke, Trusted Computer Solutions


PROGRAM CO-CHAIRS:
  Gene Tsudik, USC / Information Sciences Institute
  Avi Rubin, AT&T Labs - Research

TUTORIAL CHAIR:
  Doug Maughan, NSA / DARPA

PROGRAM COMMITTEE:
  Bill Cheswick, Lucent Bell Labs  
  Marc Dacier, IBM Research Zurich 
  Jim Ellis, CMU / CERT
  Carl Ellison, Intel   
  Ed Felten, Princeton  
  Virgil Gligor, UMD College Park 
  Thomas Hardjono, Bay Networks/Nortel
  Cynthia Irvine, Naval Postgraduate School
  Charlie Kaufman,  Iris Associates
  Dave Kormann, AT&T Labs - Research 
  Hugo Krawczyk, Technion and IBM
  Carl Landwehr, Naval Research Lab
  Doug Maughan, NSA / DARPA   
  Gary McGraw, Reliable Software Technologies  
  Sandra Murphy, TIS Labs at Network Associates   
  Clifford Neuman, USC / Information Sciences Institute
  Paul Van Oorschot, Entrust
  Sami Saydjari, DARPA ISO 
  David Wagner, UC Berkeley   
  Bennet Yee, UC San Diego

LOCAL ARRANGEMENTS CHAIR:
  Thomas Hutton, San Diego Supercomputer Center

PUBLICATIONS CHAIR:
  John Kochmar, SEI

PUBLICITY CHAIR:
  David Balenson, TIS Labs at Network Associates   

LOGISTICS CHAIR:
  Carla Rosenfeld, Internet Society

REGISTRATIONS CHAIR
  Beth Strait, Internet Society

SUBMISSIONS: 

  The committee invites both technical papers and panel proposals.
  Technical papers should be at most 20 pages long. Panel proposals
  should be at most two pages and should describe the topic, identify
  the panel chair, explain the format of the panel, and list three
  to four potential panelists.  Technical papers will appear in
  the proceedings. A description of each panel will appear in the
  proceedings, and may -- at the discretion of the panel chair --
  include written position statements from the panelists.

  Each submission must contain a separate title page with the type
  of submission (paper or panel), the title or topic, the names of
  the author(s), organizational affiliation(s), telephone and FAX
  numbers, postal addresses, e-mail addresses, and must specify
  the contact author in case of multi-author submissions. The names
  of authors, affiliations, and other identifying information should
  appear only on the separate title page.

  Submissions must be received by June 16, 1999, and must be made
  via electronic mail in either PostScript or ASCII format.  If
  the committee is unable to print a PostScript submission, a
  hardcopy will be requested. Therefore, PostScript submissions
  must arrive well before the deadline.

  All submissions and program related correspondence (only) should
  be directed to the program chair:

        Gene Tsudik     
        USC Information Sciences Institute      
        4676 Admiralty Way      
        Marina Del Rey, CA 90292        
        Email: ndss00@isi.edu
        TEL: +1 (310) 822-1511 ext 329
        FAX: +1 (310) 823-6714 

  Dates, final call for papers, advance program, and registration
  information will be available soon at the URL: httl//www.isoc.org/ndss2000.

  Each submission will be acknowledged by e-mail.  If acknowledgment
  is not received within seven days, please contact the program
  chair as indicated above.  Authors and panelists will be notified

  of acceptance by August 17, 1999.  Instructions for preparing
  camera-ready copy for the proceedings will be sent at that time.
  The camera-ready copy must be received by October 15, 1999.


----------------------------------------------------------------------
David M. Balenson, Cryptographic Technologies Group
TIS Labs at Network Associates, Inc.
3060 Washington Road, Suite 100, Glenwood, MD 21738  USA
balenson@tislabs.com; 443-259-2358; fax 301-854-4731
pgp fingerprints FD53 918E 097A 2579 C1A8  34F8 E05D E74F AC1D E184 (DSS/DH)
                 D43B 565B 2C0E 90F4  38BB D9EA 1454 3264 (RSA)

