
Re: Evaluation: draft-ietf-secsh-architecture-14



no comments on most of your comments, but.....

--On 2. september 2003 21:04 -0400 Russ Housley <housley@vigilsec.com> wrote:

> 6.  Section 7, second paragraph on page 13.  This is technically
> incorrect. Names with at-signs are not allocated by zone administrators;
> they are allocated by mail system administrators, and they relate to
> names in the message store.  Please remove the whole paragraph.

I don't understand the comment.
Names of the form "user@host" are used in a number of places (email, login names in ftp://user@host/ URLs, NAIs for roaming, IM identifiers and more).


I *think* the purpose of the paragraph

     Names with the at-sign ('@') in them are allocated by the owner of
     DNS name after the at-sign (hierarchical allocation in [RFC-
     2343]), otherwise the same restrictions as above.

is to give local extensibility to protocol parameter identifiers; there are a number of variants that are commonly suggested for this, and DNS based naming is one of them. (It's not a particularly good one, though - DNS names change hands too often to be considered "completely stable", and we do tend to want stability in parameter naming..... it also gives all the problems of "X-" headers in enabling wide deployment of non-interoperable extensions; if this isn't currently in use, and we need to push back on the document for other reasons, it might be worth asking the authors whether losing this would cause them heartburn. But I would like to see SSH, too, out the door.)

Harald