IETF-SSH archive


Re: Nits in current drafts



In article <E1D3s7u-00034y-00%medusa01.cs.auckland.ac.nz@localhost> you write:
>Ben Harris <bjh21%bjh21.me.uk@localhost> writes:
>>Does your proposed amendment allow an ssh-rsa signature to use any scheme
>>other than RSASSA-PKCS1-v1_5/SHA-1?
>
>Mu :-).  Currently the only scheme defined for ssh-rsa is
>RSASSA-PKCS1-v1_5/SHA-1, so it's "Whatever the spec says for ssh-rsa".  If
>ssh-rsa is at some point extended to allow (say) .../SHA-256 as well then it'd
>be automatically accommodated.

That's a "no" for my purposes.

>>Does your proposed amendment apply to any key format other than those defined
>>by [SSH-TRANS] (currently ssh-rsa and pgp-sign-rsa)?
>
>Well, because it no longer ties the signature format to the key/cert format,
>it allows any key format you want, but with a common (and most importantly
>well-defined and universally implemented) signature format ssh-rsa (or dsa).

That doesn't answer my question.  I'll try rephrasing:

Imagine I've got an RSA-based authentication system, with its own
certificate format, so I define a wibble-rsa@bjh21.me.uk public-key format.
It happens that my authentication system uses its keys with RSASSA-PSS
internally.

1: Am I required to use the "ssh-rsa" signature format?
2: Am I required to use RSASSA-PKCS1-v1_5/SHA-1?

>  ssh-rsa          ssh-rsa
>  pgp-sign-rsa     pgp-sign-rsa
>  x509-sign-rsa    x509-sign-rsa
>  spki-sign-rsa    spki-sign-rsa
>  wibble-sign-rsa  wibble-sign-rsa
>
>where everything in the "Sig" column except ssh-rsa is
>underspecified/ambiguous

Why is it obviously the case that all future RSA signature formats (which I
assume to be represented by "wibble-sign-rsa") are going to be
underspecified or ambiguous?

-- 
Ben Harris


