
Re: Last Call: Using DNS to securely publish SSH key fingerprints to Proposed Standard



Was it considered to allow for other security mechanisms to
authenticate the SSHFP data, besides DNSSEC?  The document says:

   2.4 Authentication

   A public key verified using this method MUST only be trusted if the
   SSHFP resource record (RR) used for verification was authenticated by
   a trusted SIG RR.

   Clients that do not validate the DNSSEC signatures themselves MUST
   use a secure transport, e.g. TSIG [8], SIG(0) [9] or IPsec [7],
   between themselves and the entity performing the signature
   validation.

This seems to require that DNSSEC is used by at least some entity.

I believe this is an unnecessary restriction, and that SSHFP would be
more useful if the wording was changed to allow for any secure
mechanism.  The document may mention that it was designed for DNSSEC
and that DNSSEC is the recommended way to authenticate data, but I
believe it should not explicitly preclude other (secure) ways of
authenticating the SSHFP data.

Some scenarios that are precluded by the current text:

* TSIG/IPSEC-protected query to authoritative server with SSHFP.

* TSIG/IPSEC-protected query to trusted server with SSHFP.  (The
  server may have received the data using a secure channel from the
  authoritative server.)

* Using data from zone files received securely out of band.  (E.g.,
  via SSH, or by mail protected by CMS or OpenPGP, from the
  authoritative domain.)

Thanks.

(I searched the SSH mailing list but could not find anything related
to this.  I'd appreciate a pointer if this has been discussed before.)

The IESG <iesg-secretary@ietf.org> writes:

> The IESG has received a request from the Secure Shell Working Group to 
> consider Using DNS to securely publish SSH key fingerprints 
> <draft-ietf-secsh-dns-04.txt> as a Proposed Standard.  
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.  Please send any comments to the 
> iesg@ietf.org or ietf@ietf.org mailing lists by 2003-5-19.
>
> Files can be obtained via http://www.ietf.org/internet-drafts/draft-ietf-secsh-dns-04.txt
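
Added example, not part of the original message or of the draft: a sketch of the client-side trust decision under discussion, comparing the section 2.4 rule with the relaxed rule the message proposes for its three scenarios. The `Source` names, both policy sets and the sample key blob are constructed for illustration; the SSHFP numbering (algorithm 1 = RSA, 2 = DSS, fingerprint type 1 = SHA-1) is assumed to match the published SSHFP format.

```python
import hashlib, hmac, struct
from enum import Enum, auto

class Source(Enum):               # how the SSHFP RR reached the client (illustrative names)
    DNSSEC_LOCAL = auto()         # client validated the SIG RR itself
    SECURE_TO_VALIDATOR = auto()  # TSIG/SIG(0)/IPsec to an entity that validated DNSSEC
    SECURE_TO_SERVER = auto()     # TSIG/IPsec to authoritative or trusted server, no DNSSEC
    OUT_OF_BAND_ZONE = auto()     # zone file received via SSH, CMS or OpenPGP
    PLAIN_DNS = auto()            # unauthenticated lookup

# Section 2.4 as quoted: DNSSEC must be validated by the client or by a securely reached entity.
DRAFT_2_4 = frozenset({Source.DNSSEC_LOCAL, Source.SECURE_TO_VALIDATOR})
# Wording proposed in the message: any secure mechanism may authenticate the data.
RELAXED = DRAFT_2_4 | {Source.SECURE_TO_SERVER, Source.OUT_OF_BAND_ZONE}

KEY_ALGS = {1: b"ssh-rsa", 2: b"ssh-dss"}  # SSHFP algorithm number -> SSH key type

def key_type(blob: bytes) -> bytes:
    """Return the key type string that prefixes an SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + n:
        raise ValueError("truncated key type")
    return blob[4:4 + n]

def fingerprint_matches(rdata: str, blob: bytes) -> bool:
    """Check 'alg fptype hex...' RDATA against the key the server presented."""
    try:
        fields = rdata.split()
        alg, fp_type = int(fields[0]), int(fields[1])
        expected = bytes.fromhex("".join(fields[2:]))
        if fp_type != 1 or KEY_ALGS.get(alg) != key_type(blob):
            return False
    except (ValueError, IndexError):
        return False  # malformed record or key blob: never trust
    return hmac.compare_digest(hashlib.sha1(blob).digest(), expected)

def trust_host_key(rdata: str, blob: bytes, source: Source, policy) -> bool:
    """Trust only if the record's source is allowed AND the fingerprint matches."""
    return source in policy and fingerprint_matches(rdata, blob)

# Constructed sample: a fake "ssh-rsa" blob (not a real key) and its SSHFP RDATA.
SAMPLE_BLOB = struct.pack(">I", 7) + b"ssh-rsa" + b"\x00" * 16
SAMPLE_RR = "1 1 " + hashlib.sha1(SAMPLE_BLOB).hexdigest()
```

The fingerprint comparison is identical under both policies; the two differ only in which ways of obtaining the record are accepted as authenticated.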