IETF-SSH archive
Re: x509
nisse%lysator.liu.se@localhost (Niels Möller) writes:
> > string "ssh-rsa-x509v3"
> > mpint e
> > mpint n
> > string der_encoded_certificate
> >
> > This scales nicely to the other certificate (SPKI, OpenPGP) methods.
>
> This has one big advantage: The ssh(d) program can verify the
> signature, and delegate processing of the certificates to an external
> program or library, which doesn't need to know the SSH protocol data
> that was signed.

But on second thought, this beautiful separation of SSH things from
x.509 things doesn't quite work. Somebody *has* to check that the e
and n above equal the key that is somewhere inside the ASN.1
certificate chain, otherwise, the certificate checking has a hole you
can drive a 20 ton truck right through.

So now I think it's best to *not* duplicate crucial security
information like this. If we do, I'm sure some implementation will
forget to check that the information is consistent.

Regards,
/Niels
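
The consistency check the message says somebody has to perform, as an added example that is not part of the original thread or of any SSH implementation: it parses the four-field blob quoted above and accepts it only when e and n equal the RSA key in the certificate. The names `Check` and `Samples` are hypothetical, the certificate is a constructed self-signed one built with Go's standard `crypto/x509`, and only the key of the single certificate in the blob is compared (no chain validation).

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Check accepts a key blob only if its e and n equal the RSA key in its certificate.
func Check(blob []byte) error {
	var f [4][]byte // algorithm name, mpint e, mpint n, DER certificate
	for i := range f {
		if len(blob) < 4 || uint64(binary.BigEndian.Uint32(blob)) > uint64(len(blob)-4) {
			return fmt.Errorf("truncated field %d", i)
		}
		n := binary.BigEndian.Uint32(blob)
		f[i], blob = blob[4:4+n], blob[4+n:]
	}
	cert, err := x509.ParseCertificate(f[3])
	if err != nil || string(f[0]) != "ssh-rsa-x509v3" || len(blob) != 0 {
		return fmt.Errorf("malformed blob or certificate")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	e, n := new(big.Int).SetBytes(f[1]), new(big.Int).SetBytes(f[2])
	if !ok || !e.IsInt64() || e.Int64() != int64(pub.E) || n.Cmp(pub.N) != 0 {
		return fmt.Errorf("e/n do not match the key inside the certificate")
	}
	return nil
}

func Samples() (blobs [2][]byte) { // constructed: [0] consistent, [1] substituted n
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // Go always picks e = 65537
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	for i, n := range []*big.Int{key.N, new(big.Int).Add(key.N, big.NewInt(2))} {
		mp := append([]byte{0}, n.Bytes()...) // mpint: leading zero keeps it positive
		for _, f := range [][]byte{[]byte("ssh-rsa-x509v3"), {1, 0, 1}, mp, der} {
			blobs[i] = append(binary.BigEndian.AppendUint32(blobs[i], uint32(len(f))), f...)
		}
	}
	return blobs
}

func main() {
	s := Samples()
	fmt.Println("consistent:", Check(s[0]), "| substituted n:", Check(s[1]))
}
```

The second blob carries a valid certificate next to a modulus that is not the certificate's, which is the case a verifier that trusts the outer e and n would accept.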