Re: [OPSAWG] I-D Action: draft-vishwakarma-opsawg-ssh-cert-radius-02.txt
On Dec 31, 2021, at 11:34 AM, tom petch wrote: > > With one Normative Reference for RADIUS, one Normative Reference for TLS, one > Normative Reference for EAP and two for SSH, I wonder which WG is best > equipped to review this; curdle? Previous discussion from November 2020: https://www.mail-archive.com/search?q=ssh-cert=opsawg%40ietf.org On a quick scan, it looks like many of the issues raised for the -00 version aren't addressed in the -02 version. This proposal is really "EAP over SSH", and is not strictly tied to certificates. We also have an existing spec, and code, to do pretty much this: https://datatracker.ietf.org/doc/html/rfc7055 and https://moonshot-wiki.atlassian.net/wiki/spaces/HOME/overview?mode=global Alan DeKok. ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
[OPSAWG] Fw: I-D Action: draft-vishwakarma-opsawg-ssh-cert-radius-02.txt
From: I-D-Announce on behalf of internet-dra...@ietf.org Sent: 28 December 2021 19:20 With one Normative Reference for RADIUS, one Normative Reference for TLS, one Normative Reference for EAP and two for SSH, I wonder which WG is best equipped to review this; curdle? Tom Petch A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : RADIUS Extension for Certificate-based SSH Authentication Authors : Devendra Vishwakarma Prakash Suthar Vivek Agarwal Anil Jangam Filename: draft-vishwakarma-opsawg-ssh-cert-radius-02.txt Pages : 16 Date: 2021-12-28 Abstract: A scalable and centralized mechanism is required for a certificate- based administrative access to multitude of virtualized and physical network functions. While there are mechanisms that exist today to provide secure administrative command-line and API-based access, there are certain management and maintenance overheads as well as certain scalability challenges related to it. In this draft we discuss these challenges and propose a standardized, centralized server-based mechanism to authenticate a user over an SSH session using its client certificate. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-vishwakarma-opsawg-ssh-cert-radius/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-vishwakarma-opsawg-ssh-cert-radius-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-vishwakarma-opsawg-ssh-cert-radius-02 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ I-D-Announce mailing list i-d-annou...@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt ___ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg