IETF-SSH archive
Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
On Thu, Jul 17, 2003 at 04:10:56PM +0200, Jeffrey Hutzelman wrote:
> Of course, this only helps when you are transporting a single host key of
> the type selected during algorithm negotiation. Fortunately, that is all
> that gsskeyex currently does. However, it doesn't help if what you want
> to do is transport multiple host keys, or use keyex with one algorithm to
> transport a key belonging to a second algorithm.
>
> To address those issues, I would like to propose a protocol extension in
> the form of a new host key algorithm, which could be called something like
> 'multi'. The key format for this algorithm would consist of a list of one
> or more { algorithm, key-data } tuples, and the format and semantics of
> signatures would be identical to those for the first tuple in the list.
> I haven't yet worked out all the details of how the algorithm negotiation
> would work, but I think it's doable.
How about a global request that a client send (after kex) to the server
to list the server's public host keys?
Nico
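
The 'multi' key format from the quoted proposal, as an added example that is not part of either message: a bounds-checked encoder and parser for a list of { algorithm, key-data } tuples. The wire layout (each field an SSH `string` with a uint32 length prefix), the function names and the sample key bytes are assumptions; the proposal does not specify an encoding.

```python
import struct

class MultiKeyError(ValueError):
    """Malformed 'multi' host key blob."""

def put_string(data):
    # SSH "string": uint32 big-endian length followed by that many bytes.
    return struct.pack(">I", len(data)) + data

def get_string(buf, off):
    # Bounds-check both the length field and the payload before slicing.
    if len(buf) - off < 4:
        raise MultiKeyError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise MultiKeyError("length exceeds remaining data")
    return buf[off:off + n], off + n

def encode_multi(keys):
    if not keys:
        raise MultiKeyError("need one or more tuples")
    return b"".join(put_string(a.encode("ascii")) + put_string(k) for a, k in keys)

def parse_multi(blob):
    keys, off = [], 0
    while off < len(blob):
        alg, off = get_string(blob, off)
        key, off = get_string(blob, off)
        if not alg or not alg.isascii():
            raise MultiKeyError("bad algorithm name")
        keys.append((alg.decode("ascii"), key))
    if not keys:
        raise MultiKeyError("need one or more tuples")
    return keys

def signature_algorithm(keys):
    # Per the proposal, signatures follow the first tuple, so list order is
    # security-relevant: reordering changes which key must verify the exchange.
    return keys[0][0]

# Constructed sample: real algorithm names, placeholder key bytes.
SAMPLE = [("ssh-rsa", b"constructed-rsa-blob"), ("ssh-dss", b"constructed-dss-blob")]

if __name__ == "__main__":
    parsed = parse_multi(encode_multi(SAMPLE))
    print(signature_algorithm(parsed), [a for a, _ in parsed])
```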