Few comments about the draft.
Frank Cusack writes:
> 1. Introduction
...
> The method name for this authentication method is "password-plus".
Is this really a password-plus? I really think the name should be
something else, like "keyboard-query-response".
> 3.1 Initial Exchange
>
> The authentication starts with the client sending the following
> packet:
>
> byte SSH_MSG_USERAUTH_REQUEST
> string username
> string service
> string "password-plus"
> int num-supported-input-types
> int input-type[0]
> ...
> int input-type[n]
I don't think we need another selector here for input-type. I think we
can just have more authnetication methods, like
"keyboard-query-response", "biometric-device" etc. There is no use to
complicate things by adding just one more way to select authentication
method, especially when they have very little common. So I would just
leave it like:
byte SSH_MSG_USERAUTH_REQUEST
string username
string service
string "keyboard-query-response"
> 3.2 Information Requests / User Interface
...
> The SSH_MSG_USERAUTH_INFO_REQUEST message is divided into a "common
> part" and an "input-type-specific part". The "common part" is
> defined as follows:
I think we can leave that input-type-specific part away, and say that
this is common part for authentication method named
"keyboard-query-response".
> byte SSH_MSG_USERAUTH_INFO_REQUEST
> int input-type
This should be
string "keyboard-query-response"
i.e the authentication method to which this is info request.
> boolean name-present
> string name (if name-present is TRUE) (ISO-10646 UTF-8)
> boolean banner-present
> string banner (if banner-present is TRUE) (ISO-10646 UTF-8)
Do we really need those boolean fields there? Why cannot we just say
that
string name (empty if not present) (ISO-10646 UTF-8)
string banner (empty if not present) (ISO-10646 UTF-8)
So that they will be empty strings (strings with length of 0), if we
do not want them.
Then the rest of the packet is just like SSH_USERAUTH_INPUT_KEYBOARD:
> int num-prompts
> string prompt[0] (ISO-10646 UTF-8)
> boolean echo[0]
> ...
> string prompt[n] (ISO-10646 UTF-8)
> boolean echo[n]
> string language tag (as defined in [RFC-1766])
...
> 3.2.2 SSH_USERAUTH_INPUT_PCSC
> Protocol details will be provided in a later version of this
> specification.
> 3.2.3 SSH_USERAUTH_INPUT_BIO
> Protocol details will be provided in a later version of this
> specification.
I dont really see any use for having this kind of sections here if
they really don't define anything. When someone describes how to use
them then they can write new draft with different authentication
method name, and define how to use them. I really dont see any point
to include them here.
For example most of the case the smartcard are using the normal public
key authentication (RSA). If there are some other kinds smartcards
that use some other authentication methods, then it is better to
separate them based on the authentication method (public key, one time
password) not based on the technology (smartcard).
> 3.3.1 SSH_USERAUTH_INPUT_KEYBOARD
> When the input type is SSH_USERAUTH_INPUT_KEYBOARD, the format of the
> SSH_MSG_USERAUTH_INFO_RESPONSE message is as follows:
> byte SSH_MSG_USERAUTH_INFO_RESPONSE
> int num responses
I think this again should be the authentication method name, not
number:
string "keyboard-query-response"
> string response[0] (ISO-10646 UTF-8)
> ...
> string response[n] (ISO-10646 UTF-8)
...
> 4. Authentication Example
>
> Here is an example exchange between a client and server:
>
> C: byte SSH_MSG_USERAUTH_REQUEST
> C: string "foo"
> C: string "ssh-connection"
> C: string "password-plus"
> C: int 1
> C: int SSH_USERAUTH_INPUT_KEYBOARD
>
> S: byte SSH_MSG_USERAUTH_INFO_REQUEST
> S: int SSH_USERAUTH_INPUT_KEYBOARD
> S: boolean TRUE
> S: string "Password Authentication"
> S: boolean TRUE
> S: string "Enter password for foo"
> S: int 1
> S: string "Password: "
> S: boolean FALSE
> S: string "en-US"
>
> [Client prompts user for password]
>
> C: byte SSH_MSG_USERAUTH_INFO_RESPONSE
> C: int 1
> C: string "bar"
>
> S: byte SSH_MSG_USERAUTH_INFO_REQUEST
> S: int SSH_USERAUTH_INPUT_KEYBOARD
> S: boolean TRUE
> S: string "Password Expired"
> S: boolean TRUE
> S: string "Your password has expired."
> S: int 2
> S: string "Enter new password: "
> S: boolean FALSE
> S: string "Enter it again: "
> S: boolean FALSE
> S: string "en-US"
>
> [Client prompts user for new password]
>
> C: byte SSH_MSG_USERAUTH_INFO_RESPONSE
> C: int 2
> C: string "baz"
> C: string "baz"
>
> S: byte SSH_MSG_USERAUTH_SUCCESS
I think this example is bad, because it can already be performed using
the basic userauth draft, it contains banners, it contains password
queries, it contains password change-request, and it even contains
advantage compared to this method, it can use users native language
when printing out most of the prompts.
--
[EMAIL PROTECTED] Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
