Diff: draft-ietf-secsh-publickey-subsystem-00.txt (old) vs. draft-ietf-secsh-publickey-subsystem-01.txt (new)
Where the two versions differ, the old text is marked "-00:" and the new text "-01:".

Secure Shell Working Group                                  J. Galbraith
Internet-Draft                                               J. Van Dyke
Expires: -00: March 15, 2004 / -01: October 1, 2004           B. McClure
                                                        VanDyke Software
                                                               J. Bright
                                                          Silicon Circus
                                   -00: September 15, 2003 / -01: April 2, 2004

                    Secure Shell Public-Key Subsystem
   -00: draft-ietf-secsh-publickey-subsystem-00.txt
   -01: draft-ietf-secsh-publickey-subsystem-01.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   [skipping to change at page 1, line 34]

   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   -00: This Internet-Draft will expire on March 15, 2004.
   -01: This Internet-Draft will expire on October 1, 2004.

Copyright Notice

   -00: Copyright (C) The Internet Society (2003). All Rights Reserved.
   -01: Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

   SECSH defines an authentication mechanism that is based on public
   keys, but does not define any mechanism for key distribution. No
   common key management solution exists in current implementations.
   This document describes a protocol that can be used to configure
   public keys in an implementation-independent fashion, allowing client
   software to take on the burden of this configuration.

   [skipping to change at page 11, line 18]
      string    "attribute"
      string    attribute name
      boolean   compulsory

   The "compulsory" field indicates whether this attribute will be
   compulsorily applied to any added keys (irrespective of whether the
   attribute has been specified by the client) due to administrative
   settings on the server. If the server does not support
   administrative settings of this nature, it MUST return false in the
   compulsory field.

   -01 (added text): An example of use of the "compulsory" attribute
   would be a server with a configuration file specifying that the user
   is not permitted shell access. Given this, the server would return
   the "shell" attribute, with "compulsory" marked true. Whatever
   attributes the user subsequently asked the server to apply to their
   key, the server would also apply the "shell" attribute, rendering it
   impossible for the user to use a shell.

   Following the last "attribute" response, a status packet MUST be
   sent.

   An implementation MAY choose not to support this request.
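The "attribute" response layout and the compulsory-merge rule described above, as an added worked example (not the draft's text and not code from any SSH implementation): it encodes and parses one response using the SSH wire types from RFC 4251 (a "string" is a uint32 big-endian length followed by that many bytes, a "boolean" is one byte with 0 meaning FALSE), and then computes the attribute set a server would actually apply to a key the client adds. The attribute name "shell" is the draft's own example; "pty" is an assumed name used only for illustration, and the example works on bare response payloads (subsystem packet framing and the closing status packet are left out since the page does not give their format).

```python
from __future__ import annotations
import struct

# Wire types follow RFC 4251: "string" is a uint32 big-endian length followed
# by that many bytes; "boolean" is a single byte, 0 = FALSE, non-zero = TRUE.

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def ssh_boolean(value: bool) -> bytes:
    return b"\x01" if value else b"\x00"

def encode_attribute_response(name: str, compulsory: bool) -> bytes:
    """Server side: one "attribute" response laid out as the draft shows it:
       string "attribute", string attribute-name, boolean compulsory."""
    return (ssh_string(b"attribute")
            + ssh_string(name.encode("utf-8"))
            + ssh_boolean(compulsory))

def _read_string(buf: bytes, off: int) -> tuple[bytes, int]:
    """Bounds-checked string read: the length field is peer-controlled data
       and must never be used to index past the end of the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated string length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise ValueError("string length exceeds payload")
    return buf[off:off + n], off + n

def decode_attribute_response(payload: bytes) -> tuple[str, bool]:
    """Client side: parse one response payload, rejecting anything that is not
       a well-formed "attribute" response (wrong type, short or trailing data)."""
    kind, off = _read_string(payload, 0)
    if kind != b"attribute":
        raise ValueError(f"expected an attribute response, got {kind!r}")
    name, off = _read_string(payload, off)
    if len(payload) - off != 1:
        raise ValueError("boolean field missing or trailing data present")
    compulsory = payload[off] != 0
    return name.decode("utf-8"), compulsory

def compulsory_attributes(responses: list[bytes]) -> set[str]:
    """Collect the attribute names the server will force onto every added key."""
    forced: set[str] = set()
    for payload in responses:
        name, compulsory = decode_attribute_response(payload)
        if compulsory:
            forced.add(name)
    return forced

def effective_attributes(requested: set[str], responses: list[bytes]) -> set[str]:
    """What the server applies to a key the client adds: the attributes the
       client asked for plus every compulsory one, whether requested or not."""
    return set(requested) | compulsory_attributes(responses)

# Constructed sample: a server whose configuration denies the user shell
# access (the draft's own example) advertises "shell" as compulsory, plus a
# second, non-compulsory attribute.  "pty" is an assumed attribute name used
# only for illustration.
SAMPLE_RESPONSES = [
    encode_attribute_response("shell", True),
    encode_attribute_response("pty", False),
]

if __name__ == "__main__":
    print("compulsory:", compulsory_attributes(SAMPLE_RESPONSES))
    # A client asking only for "pty" still ends up with "shell" applied.
    print("applied:", effective_attributes({"pty"}, SAMPLE_RESPONSES))
```

The parser checks every length against the remaining payload before slicing and insists on exactly one byte after the name, so a malformed or truncated response is rejected instead of being silently accepted with a default "compulsory" value; a client that trusted such a response could misjudge which restrictions the server will impose on the key it is about to add.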
4. Security Considerations

   This protocol assumes that it is run over a secure channel and that
   the endpoints of the channel have been authenticated. Thus, this

   [skipping to change at page 15, line 29]

   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

Full Copyright Statement

   -00: Copyright (C) The Internet Society (2003). All Rights Reserved.
   -01: Copyright (C) The Internet Society (2004). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of

   [skipping to change at page 16, line 7]

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

-00: Acknowledgement
-01: Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

End of changes.

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/