IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: WG Last Call (third time's the charm?) for SSH core drafts



On Mon, 4 Feb 2002, Joseph Galbraith wrote:
> I would say create a new working group document for x.509 and remove
> it from the transport draft.

I'm in favour of this too (if needed I can help editing it). In there we
can iron out the ambiguities with the format of the signature including
explicit referral to rfc2459/pkcs1 (see my earlier post on this).

However, I think that at least the generic format of signatures should be
explicitly stated in the current transport-draft(rfc) the same as the
generic format for keys/certs are.

Also, the paragraph which starts with the ("buggy") sentence: "The
certificate part may have be a zero length string,..." should be clarified
to say something like:

...
  byte[n]  key/certificate data

	The key/certificate data here is a format specific encoding of the 
        public key or certificate.
...

Apart from the sentence not beeing correct english (not that I'm the
person to write perfect english... :-) it also hints something about a
"zero length string" which is not otherwise defined (as Markus has stated
previously). Also, why public key AND certificate? A certificate is a
public key which has been signed, in which situation would it be useful to
have both? (see earlier discussion on possible implementation pitfalls
with public key AND certificate, though that might not be an issue).

Since the format of signatures has been discussed it's clearly something
not obvious from the spec. The ambiguity comes from the explicitly stated
format for public keys/certs along with the fact that the signatures for
ssh-dss/ssh-rsa are explicitly given and are "hinting" on a similar
encoding of signatures too:

On the subject of keys/certs it now says:

...
   Certificates and public keys are encoded as follows:

     string   certificate or public key format identifier
     byte[n]  key/certificate data
...

But it doesn't say anything explicitly about signatures, IMHO we should
EITHER add:

...
   Signatures are encoded as follows:

     string   signature format identifier (same as public key/cert format)
     byte[n]  signature blob in format specific encoding
...

OR explicitly write something like:

...
   Signatures are encoded in an algorithm specific format not
   necessarily including the format identifier such as:

   byte[n]  signature in format specific encoding.
...

Just to avoid the speculations about how signatures should be encoded
(apart from the discussion about the specific case of x509 on how it
should be encoded).

Cheers,

/Mats







Home | Main Index | Thread Index | Old Index