SSH v3 specs?
maf at appgate.com
Tue Jan 7 02:25:15 EST 2003
On 5 Jan, sshdev at rednu.com wrote:
> Has any thought toward a v3 protocol spec been discussed
> elsewhere, and if so what enhancements are being looked
> at. Is it too early to consider such things, or should we
> open the door to the new features a protocol update would
> bring?
I am not aware of any such discussion and I do not see any need for it
either. The ssh protocol is quite flexible and new authentication
methods can be defined without moving to a new protocol version (IMHO a
very good thing:-).
> More specifically I have been investigating working toward
> a more enterprise-friendly hierarchical authentication
> scheme, but I have quickly realized the magnitude of such
> a change. I have worked with LDAP/PAM, but there are
> parts of ssh that are not very interoperable with LDAP,
> such as pub/priv keypairs. These can be stored in a
> directory, but it is quite a kludge to do so at this
> point.
I agree that the normal pub/priv keypairs do not operate very well with
LDAP but why should they? You can always use certificates instead of the
current pub/priv keypairs, and that can work well with LDAP.
Our product, AppGate, which uses ssh also supports certificate
authentication and that without any protocol modifications whatsoever.
/MaF
--
Martin Forssen <maf at appgate.com> Development Manager
Phone: +46 31 7744361 AppGate Network Security AB