IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Nits in current drafts
In article <E1D3YL4-0001C5-00%medusa01.cs.auckland.ac.nz@localhost> you write:
>Ben Harris <bjh21%bjh21.me.uk@localhost> writes:
>
>>I think this is a bad idea for the following reasons:
>
>None of those seem valid. At the moment, the only signature mechanism is ssh-
>xyz (the others are all ambiguous, so in effect they're xyz%vendorname.com@localhost
>mechanisms). Therefore if a weakness is found in the hash or signature
>algorithm, all implementations will need to be fixed anyway.
That, along with Niels Moller's reply, suggests that your interpretation of
the meaning of your suggested amendment differs from mine. Could you thus
clarify:
Does your proposed amendment allow an ssh-rsa signature to use any scheme
other than RSASSA-PKCS1-v1_5/SHA-1?
Does your proposed amendment apply to any key format other than those
defined by [SSH-TRANS] (currently ssh-rsa and pgp-sign-rsa)?
If your answers to those questions are other than "no" and "yes"
respectively, my objections are void (though I think your proposal needs to
be clearer).
--
Ben Harris
Home |
Main Index |
Thread Index |
Old Index