Re: Nits in current drafts

[pgut001%cs.auckland.ac.nz@localhost (Peter Gutmann)]

Ben Harris <bjh21%bjh21.me.uk@localhost> writes:

>I've mentioned some of these before, but all of them still apply to the set
>of drafts released on Friday.

Same here: The OpenPGP portions of section 6.6 still don't provide sufficient
information to create an interoperable implementation.  "OpenPGP compatible
binary format" for the signature could be almost anything, since OpenPGP has a
whole pile of signature components, attributes, and so on.

The easiest way to resolve this I think is to require that signatures *only*
be in "ssh-xyz format", regardless of the certificate format used (i.e. don't
tie the signature format to the key format).  I can't see any good reason for
requiring the use of complex non-SSH signature formats just because the key is
communicated using a different format, and this would also resolve the problem
with the ambiguity of the (now-deleted) X.509 format as well, since the X.509
cert format is well-defined, it's only the signature format which is
ambiguous.

So I'd propose changing the current text to:

  The signature for any DSS key (regardless of the key/certificate format
  used) is encoded as follows:

     string    "ssh-dss"
     string    dss_signature_blob

  [...]

  The signature for any RSA key (regardless of the key/certificate format
  used) is encoded as follows:

     string    "ssh-rsa"
     string    rsa_signature_blob

This finally resolves the ongoing signature format ambiguity problem, as well
as greatly reducing the complexity and implementation effort required for
parsing a pile of non-SSH signature types.

Peter.