IETF-SSH archive


Re: I-D ACTION:draft-ietf-secsh-transport-18.txt



Hi Scott,

The following lines mysteriously disappeared after draft-ietf-secsh-transport-12.txt (I guess).
================================================
....
The "x509v3-sign-rsa" method indicates that the certificates, the public
key, and the resulting signature are in X.509v3 compatible DER-encoded
format. The formats used in X.509v3 is described in [RFC-2459]. This
method indicates that the key (or one of the keys in the certificate) is
an RSA-key.

The "x509v3-sign-dss". As above, but indicates that the key (or one of
the keys in the certificate) is a DSS-key.
================================================

Might ssh.com not like others implementing X.509 certificate support?

Writing a new draft for 5 lines, as some people suggest (see list archive), is a waste of time.
Note that their secsh implementation doesn't support X.509 certificates.



Scott Rankin wrote:

Sorry if this is already known. I couldn't look in the bug tracking system
as it required a username and password.

Just a couple of questions.

In section 6.6 Public Key Algorithms.

x509v3-sign-rsa and x509v3-sign-dss are listed as "defined" formats. That
said, I have been unable to find where these are defined (and there is no
citation of this definition in this section).
Perhaps this is why RFC2459 (and soon to be RFC3280 per earlier mails) was
listed in the References at the end of the document?
Is it RFC3280 or RFC3279 which defines x509v3-sign-rsa and x509v3-sign-dss?

All the other public key algorithms have at least an additional sentence
below the table of formats as well. Maybe that is all the document needs.

I have scoured through the mailing list archives and the IETF PKIX working
group and secsh Internet Drafts and RFCs and have come up dry. Any thoughts?


This sentence,
"The key type MUST always be explicitly known (from algorithm
  negotiation or some other source)" sounds awkward to me. I think it is
the combination of MUST and always. It seems redundant.


cheers,
scott rankin
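A defensive check for the draft text both messages discuss, added here as an illustration and not code from the thread or from any SSH implementation: it walks the DER SubjectPublicKeyInfo of an X.509v3 key with the standard library only and confirms that the key type agrees with the negotiated "x509v3-sign-rsa" / "x509v3-sign-dss" name, rejecting a key whose type does not match. The OID constants are the standard rsaEncryption and id-dsa identifiers; the sample DER blobs are constructed here and are not real keys, and a real implementation would parse the whole certificate chain rather than a bare SubjectPublicKeyInfo.

```python
# OIDs that identify the key type inside an X.509 AlgorithmIdentifier.
OID_RSA = "1.2.840.113549.1.1.1"   # rsaEncryption
OID_DSA = "1.2.840.10040.4.1"      # id-dsa

# Which key type each SSH algorithm name announces (draft section 6.6).
EXPECTED_OID = {"x509v3-sign-rsa": OID_RSA, "x509v3-sign-dss": OID_DSA}

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(value):
    """Decode a DER OBJECT IDENTIFIER value into dotted-decimal form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                     # base-128, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def spki_algorithm_oid(spki_der):
    """Extract the algorithm OID from a DER SubjectPublicKeyInfo."""
    tag, seq, _ = _read_tlv(spki_der, 0)    # SubjectPublicKeyInfo ::= SEQUENCE
    assert tag == 0x30
    tag, alg_id, _ = _read_tlv(seq, 0)      # AlgorithmIdentifier ::= SEQUENCE
    assert tag == 0x30
    tag, oid, _ = _read_tlv(alg_id, 0)      # algorithm OBJECT IDENTIFIER
    assert tag == 0x06
    return _decode_oid(oid)

def key_matches_algorithm(ssh_alg_name, spki_der):
    """True only if the negotiated name and the DER key type agree."""
    expected = EXPECTED_OID.get(ssh_alg_name)
    return expected is not None and spki_algorithm_oid(spki_der) == expected

def _der(tag, content):
    """Encode one DER TLV with a short-form length (content < 128 bytes)."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

# Constructed samples: correct OIDs, dummy parameters and a dummy 1-byte
# BIT STRING instead of a real key, enough to exercise the check.
RSA_OID_DER = bytes.fromhex("06092a864886f70d010101")
DSA_OID_DER = bytes.fromhex("06072a8648ce380401")
SAMPLE_RSA_SPKI = _der(0x30, _der(0x30, RSA_OID_DER + b"\x05\x00") + b"\x03\x02\x00\x01")
SAMPLE_DSA_SPKI = _der(0x30, _der(0x30, DSA_OID_DER + b"\x30\x00") + b"\x03\x02\x00\x01")
```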
