IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Nits in current drafts



pgut001%cs.auckland.ac.nz@localhost (Peter Gutmann) writes:

> The only possible ambiguity I can see with the use of X.509/OpenPGP/SPKI keys
> is whether you include a single key/cert or throw in an entire WoT/cert
> chain/whatever bundle, so the text would have to be explicit in saying that
> only a single key/cert is present, not an arbitrary collection of
> stuff.

At least for spki, that doesn't make much sense. The model is that the
server uses only a flat acl list (analogous to "root cert list" for
x.509), and it's the client's responsibility to provide whatever
certificates are needed to prove that it is authorized. And the
colection shouldn't be arbitrary either, it should provide precisely
the information needed, and in the right order, for the spki machinery
to derive the authorization for the given key.

Back to signature formats, I think one reason it makes sense to use an
ssh-specific format for all signatures, is that certificate standards
tend to focus on the certificates, and about the only signatures that
are specified in detail are signatures on certificate. How a certified
key is to be used by applications is left open, since all applications
but signing other certificates are irrelevant to interoperability in
the creation and verification of the certificates.

By using ssh-rsa and ssh-dss signature formats (and also spelling out
precisely which data should be signed), we say how certified keys are
to be used in our application, ssh.

/Niels



Home | Main Index | Thread Index | Old Index