IETF-SSH archive


Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt



Thinking about this some more, SSH_MSG_KEXGSS_HOSTKEY feels like the
wrong place to solve the problem that it solves, if it is even a
problem worth solving at all.  X.509 certificates can expire, OpenPGP
signatures and subkeys can expire, and OpenPGP trust values can be
changed.  If ``none'' as a public key algorithm is not an acceptable
solution, we should find a solution that also works for X.509 and
OpenPGP.  In general, if you are not using ssh-rsa or ssh-dss as your
host key, you probably want a way to do rekeying using either an
ssh-rsa or ssh-dss key, or no host key.

I don't think I see any reason why we couldn't define a
SSH_MSG_KEX_HOSTKEY which would send a host key along with which
algorithm it uses.  In particular, the transport draft says:

   An implementation MUST respond to all unrecognized messages with an
   SSH_MSG_UNIMPLEMENTED message in the order in which the messages were
   received.  Such messages MUST be otherwise ignored.  Later protocol
   versions may define other meanings for these message types.

It also appears that we could define SSH_MSG_KEXINIT2 and assume that
SSH_MSG_UNIMPLEMENTED will be sent if the client or server on the
other end doesn't recognize that message.
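
The fallback described in the message above, as an added example that is not part of the original post: a peer that answers unrecognized message types with SSH_MSG_UNIMPLEMENTED in arrival order, and a sender that tries a new message first and falls back to SSH_MSG_KEXINIT. The numbers 3 and 20 are from the transport specification; the number 22 for SSH_MSG_KEXINIT2 and the `Peer` and `negotiate` names are assumptions made for illustration.

```python
import struct

SSH_MSG_UNIMPLEMENTED = 3   # payload: byte type, uint32 sequence number of rejected packet
SSH_MSG_KEXINIT = 20
SSH_MSG_KEXINIT2 = 22       # hypothetical number; the message only proposes the name


class Peer:
    """Receives packet payloads and answers each one in arrival order."""

    def __init__(self, known_types):
        self.known_types = set(known_types)
        self.recv_seq = 0  # implicit per-direction packet counter, starts at 0

    def receive(self, payload):
        seq = self.recv_seq
        self.recv_seq = (self.recv_seq + 1) & 0xFFFFFFFF
        msg_type = payload[0]
        if msg_type not in self.known_types:
            # Unrecognized: name the rejected packet by sequence number,
            # then ignore it (no state change beyond the counter).
            return struct.pack(">BI", SSH_MSG_UNIMPLEMENTED, seq)
        return bytes([msg_type]) + b"ack"  # constructed stand-in for real handling


def negotiate(peer, send_seq=0):
    """Try KEXINIT2 first; fall back to KEXINIT only if that exact packet was rejected."""
    probe_seq = send_seq
    reply = peer.receive(bytes([SSH_MSG_KEXINIT2]))
    if reply[0] == SSH_MSG_UNIMPLEMENTED:
        (rejected,) = struct.unpack(">I", reply[1:5])
        if rejected != probe_seq:
            # The rejection is for some other packet, so it says nothing
            # about whether the peer understands KEXINIT2.
            raise ValueError("UNIMPLEMENTED refers to a different packet")
        peer.receive(bytes([SSH_MSG_KEXINIT]))
        return "KEXINIT"
    return "KEXINIT2"


if __name__ == "__main__":
    print(negotiate(Peer({SSH_MSG_KEXINIT})))                    # old peer
    print(negotiate(Peer({SSH_MSG_KEXINIT, SSH_MSG_KEXINIT2})))  # new peer
```

During the initial key exchange no MAC is in effect yet, so an SSH_MSG_UNIMPLEMENTED reply seen at that stage is not integrity-protected; a fallback decided on it should be treated accordingly.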




