Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt

["Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>]

So, I think I've been a bit confused about the subtlies of this.
Having read the documents more carefully, my current understanding is
this:

SSH_MSG_KEXGSS_HOSTKEY has this format:

           byte      SSH_MSG_KEXGSS_HOSTKEY
           string    server public host key and certificates (K_S)

K_S has this format:

   Certificates and public keys are encoded as follows:
     
     string   certificate or public key format identifier
     byte[n]  key/certificate data

The format identifier is something like ``ssh-rsa'', which means that
a host can send a public host key in a SSH_MSG_KEXGSS_HOSTKEY and the
client will be able to figure out which host key format it got.

I do think that if SSH_MSG_KEXGSS_HOSTKEY is to be prefered over a
public key algorithm of none, it should probably be defined to also be
usable when using non-GSS key exchange with certificates that can
expire.