Re: [Sam Hartman <hartmans@mekinok.com>] Handling ssh
>>>>> "Matthew" == Matthew Vernon <matthew@sel.cam.ac.uk> writes:
Matthew> Are they talking to openssh upstream, DYK? Experience
Matthew> suggests this is a non-trivial thing to do
Matthew> successfully...
Yes. Your experience mirrors ours; that's the main reason I propose
to have a package rather than wait.
We do have the slight advantage that we can corner real people at
IETF, and will probably do that in March if we haven't moved any on
this.
The main concern seems to be complexity. It seems likely that the
SSH community will fix the bugs in the existing krb5 support. The
question is whether they will add draft-ietf-secsh-gss-keyex. We'll
hopefully be in a better position to ask for that after the draft is
last called.