IETF-SSH archive


Re: x509



> > > I don't see why we cannot use the current "ssh-rsa" encoding:
> > > transfer a x509 certificate in addition to "ssh-rsa" encoded
> > > signature?
> > >
> > > since "x509v3-sign-rsa" is not specified in detail, it should be
> > > dropped from the draft and replaced by something like
> > > "x509v5-ssh-rsa"
> > > meaning:
> > > public key is transferred in "x509v3" format and
> > > the current "ssh-rsa" is used for encoding for signatures.
> 
> I like the idea of removing the underspecified Public Key Algorithms and
> replacing them with equivalents based on the current ssh-rsa and ssh-dss
> methods.
> 
> e.g.
> 
> string "ssh-rsa-x509v3"
> mpint e
> mpint n
> string der_encoded_certificate

I don't like this at all.  Whereas before, I could
just pass the certificate data to some library
that did certificates, now I have to understand
X.509 enough to dig out the public key.

Also, as Niels pointed out, one must also
now enforce that e,n encoded via SSH match
e,n encoded in the certificate.

I have more work to do, and the specification
has more opportunity for an implementation
to have a bug that seriously impacts security.
I'd prefer we didn't do this.

- Joseph
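
Added example, not part of the original message or of any SSH implementation: a Python sketch of the extra work the proposed "ssh-rsa-x509v3" blob puts on a receiver, namely walking the DER certificate to its RSA key and rejecting the blob when the e, n sent as mpints differ from the certificate's. All function names are hypothetical, and `sample_blob` builds constructed input around an unsigned certificate skeleton, so no chain or signature validation is shown.

```python
import struct

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption

def der(tag, body):  # minimal DER encoder, used only to build the sample
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_blob(e, n, cert_e, cert_n):  # constructed input, unsigned certificate skeleton
    seq = lambda *parts: der(0x30, b"".join(parts))
    raw = lambda v: v.to_bytes(v.bit_length() // 8 + 1, "big")  # positive mpint / INTEGER
    alg = seq(der(0x06, RSA_OID), der(0x05, b""))
    spki = seq(alg, der(0x03, b"\x00" + seq(der(0x02, raw(cert_n)), der(0x02, raw(cert_e)))))
    tbs = seq(der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), alg, seq(), seq(), seq(), spki)
    fields = (b"ssh-rsa-x509v3", raw(e), raw(n), seq(tbs, alg, der(0x03, b"\x00")))
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def tlvs(buf):  # split a DER buffer into (tag, value) pairs
    out = []
    while buf:
        tag, n, off = buf[0], buf[1], 2
        if n & 0x80:  # long-form length
            off += n & 0x7F
            n = int.from_bytes(buf[2:off], "big")
        if len(buf) < off + n:
            raise ValueError("truncated DER")
        out.append((tag, buf[off:off + n]))
        buf = buf[off + n:]
    return out

def cert_rsa_key(cert_der):  # the "dig out the public key" step
    tbs = tlvs(tlvs(tlvs(cert_der)[0][1])[0][1])
    alg, bits = tlvs(tbs[6 if tbs[0][0] == 0xA0 else 5][1])  # SubjectPublicKeyInfo
    if tlvs(alg[1])[0][1] != RSA_OID:
        raise ValueError("certificate key is not RSA")
    n, e = tlvs(tlvs(bits[1][1:])[0][1])
    return tuple(int.from_bytes(v[1], "big", signed=True) for v in (e, n))

def blob_matches_cert(blob):
    fields = []
    while blob:
        (n,) = struct.unpack_from(">I", blob)
        if len(blob) < 4 + n:
            raise ValueError("truncated SSH string")
        fields.append(blob[4:4 + n])
        blob = blob[4 + n:]
    name, e, n, cert = fields
    sent = tuple(int.from_bytes(v, "big", signed=True) for v in (e, n))
    return name == b"ssh-rsa-x509v3" and sent == cert_rsa_key(cert)
```

A receiver that skipped the final comparison would verify signatures against the mpint key while trusting the identity in the certificate, which is the implementation bug the message warns about.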



