IETF-SSH archive
Re: x509
On Thu, Jan 31, 2002 at 02:39:54PM +0100, Andersson, Mats wrote:
> The transport draft refers to rfc2459 which states the format for both RSA
> and DSA so what is it that is not clear in all this except for the detail
> that it doesn't say explicitly something like:
>
> string "ssh-rsa"
s/rsa/dss/
> string dss_signature_value
>
> dss_signature_value is the DER encoded value of the Dss-Sig-Value as
> defined in rfc2459.
the exact format for a "x509v3-sign-rsa" type signature
is not specified, i.e.:
is it
string "x509v3-sign-rsa"
string "DER-encoded format à la RFC2459"
or
string "x509v3-sign-rsa"
byte[n] "DER-encoded format à la RFC2459"
because the definition for the "x509v3-sign-rsa" type cert is:
string "x509v3-sign-rsa"
byte[n] "DER-encoded cert"
instead of a
string "x509v3-sign-rsa"
string "DER-encoded cert"
moreover, implementations supporting x509 (e.g. ssh.com)
currently send
string "DER-encoded cert"
without even sending the key type.
additionally, the draft says:
The key type MUST always be explicitly known (from algorithm
negotiation or some other source). It is not normally included in
the key blob.
but:
Certificates and public keys are encoded as follows:
string certificate or public key format identifier
byte[n] key/certificate data
so, i'm confused by the draft and the implementations.
-m
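The three candidate wire layouts the message lists (string key type followed by a string, string key type followed by byte[n], and a bare DER blob with no key type at all), as an added example that is not part of the original message or of any implementation it mentions. It builds each layout for a constructed stand-in DER blob and shows the one property a receiver can use to tell them apart: an SSH string starts with a 4-byte big-endian length, whereas a DER SEQUENCE starts with the tag byte 0x30. DER_BLOB, the function names and the 0x30 sniff are assumptions made for this example; the sniff is a heuristic that exposes the ambiguity, not anything the draft specifies.

```python
# Added example, not from the original mail: encode the three candidate SSH
# wire layouts for an "x509v3-sign-rsa" blob and classify a received blob.
import struct

KEYTYPE = b"x509v3-sign-rsa"

# Constructed stand-in for a DER-encoded certificate or signature: a DER
# SEQUENCE holding two small INTEGERs. A real blob is far longer; the only
# property the example relies on is the leading SEQUENCE tag 0x30.
DER_BLOB = bytes.fromhex("3006020101020102")


def ssh_string(b: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def parse_ssh_string(buf: bytes, off: int = 0):
    """Return (value, new_offset) for an SSH 'string' at buf[off:]."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated ssh string")
    return buf[off:off + n], off + n


def encode_string_form(der: bytes) -> bytes:
    """string "x509v3-sign-rsa", string DER  (first reading of the draft)."""
    return ssh_string(KEYTYPE) + ssh_string(der)


def encode_byten_form(der: bytes) -> bytes:
    """string "x509v3-sign-rsa", byte[n] DER  (the draft's cert layout)."""
    return ssh_string(KEYTYPE) + der


def encode_bare_form(der: bytes) -> bytes:
    """byte[n] DER only, no key type (what the mail says ssh.com sends)."""
    return der


def classify(blob: bytes) -> str:
    """Guess which of the three layouts a received blob uses."""
    if blob[:1] == b"\x30":          # DER SEQUENCE tag, no SSH framing at all
        return "bare-der"
    name, off = parse_ssh_string(blob)
    if name != KEYTYPE:
        return "unknown"
    rest = blob[off:]
    # string form: the tail is one well-formed SSH string that uses up the
    # whole buffer and itself starts with a DER SEQUENCE tag.
    try:
        val, end = parse_ssh_string(rest)
        if end == len(rest) and val[:1] == b"\x30":
            return "string"
    except (ValueError, struct.error):
        pass                          # 0x30... read as a length is far too big
    if rest[:1] == b"\x30":
        return "byte[n]"
    return "unknown"


def decode(blob: bytes):
    """Return (key type or None, DER bytes) for any of the three layouts."""
    layout = classify(blob)
    if layout == "bare-der":
        return None, blob
    name, off = parse_ssh_string(blob)
    rest = blob[off:]
    if layout == "string":
        return name, parse_ssh_string(rest)[0]
    if layout == "byte[n]":
        return name, rest
    raise ValueError("unrecognised layout")


if __name__ == "__main__":
    for enc in (encode_string_form, encode_byten_form, encode_bare_form):
        blob = enc(DER_BLOB)
        print(f"{enc.__name__:20s} {classify(blob):9s} {blob.hex()}")
```

The same DER bytes yield three different wire images, and a receiver written for one layout will misparse the other two: the byte[n] form read as a string yields an absurd length, and the bare form carries no key type to match against the negotiated algorithm. Sniffing for 0x30 lets a tolerant parser accept all three, but it is exactly the kind of guesswork the spec should make unnecessary by pinning down one layout.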