Re: x509

[Markus Friedl <markus%openbsd.org@localhost>]

On Wed, Jan 30, 2002 at 04:59:51PM -0700, Joseph Galbraith wrote:
> If they don't do the hashing operation, and we don't think
> we need to provide that kind of flexibility, we can probably
> get away without PKCS 7, and do something like what Markus is
> proposing in this email:
> 
> > i don't see why we cannot use the current "ssh-rsa" encoding:
> > transfer a x509 certificate in addition to "ssh-rsa" encoded
> > signature?

In the initial keyexchange both parties agree on the used host-key
encoding and on supported signature encodings.  So If both parties
agree on "x509v3-sign-rsa" for the public key encoding, you cannot
assume that the peer can decode a "ssh-rsa" type signature.  So the
"name" from the public key and the "name" of the signature encoding
must always match.  This means you cannot mix a  "x509v3-sign-rsa" host
key cert and a "ssh-rsa" signature.

But there still seems to be an open issue:

   The "x509v3-sign-rsa" method indicates that the certificates, the
   public key, and the resulting signature are in X.509v3 compatible
   DER-encoded format.  The formats used in X.509v3 is described in
   [RFC2459].  This method indicates that the key (or one of the keys in
   the certificate) is an RSA-key.

Does this mean the signature will look like a

     string    "ssh-rsa"
     string    rsa_signature_blob

but with a different name tag instead?

     string    "x509v3-sign-rsa"
     string    rsa_signature_blob

Do they differ otherwise?

-m