IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: I-D ACTION:draft-ietf-secsh-publickeyfile-08.txt



In article <200504041952.PAA19908%ietf.org@localhost> you write:
>	Title		: SSH Public Key File Format
>	Author(s)	: J. Galbraith, R. Thayer
>	Filename	: draft-ietf-secsh-publickeyfile-08.txt
>	Pages		: 14
>	Date		: 2005-4-4

One semantic problem:  Both sections 3.4 and 4 refer to a "public key blob". 
This term isn't clearly defined by [SSH-TRANS], and in particular it's
hinted there that it doesn't include the name of the key type:

   The key type MUST always be explicitly known (from algorithm
   negotiation or some other source).  It is not normally included in
   the key blob.

It would appear from the first example given that publickeyfile expects the
"public key blob" to include the key type name, though, since it begins with
the string "ssh-rsa".  I'd suggest removing the word "blob" wherever it
occurs, since it appears that "public key" in [SSH-TRANS] includes the key
type string.

I echo der Mouse's suggestion that an example of a key and its corresponding
fingerprint would be useful.  I'd suggest putting the examples in a section
of their own after the definition of fingerprints, and including the
fingerprint of each key.

It might be polite to acknowledge Markus Friedl, who wrote the previous
fingerprint drafts.

Simple nits, presented as a diff as usual:

--- draft-ietf-secsh-publickeyfile-08.txt       Mon Apr  4 17:47:10 2005
+++ draft-ietf-secsh-publickeyfile-bjh.txt      Tue Apr  5 14:23:53 2005
@@ -283 +283 @@
-   first line of the base 64 encoded body (See Section 3.4.)
+   first line of the base64-encoded body (See Section 3.4.)
@@ -308 +308 @@
-   existing implementations fail if these quotation marks are omitted
+   existing implementations fail if these quotation marks are omitted.
@@ -327,2 +327,2 @@
-   described in [I-D.ietf-secsh-transport], section 4.6, "Public Key
-   Algorithms", encoded in base 64 as specified in [RFC2045], section
+   described in [I-D.ietf-secsh-transport], section 6.6, "Public Key
+   Algorithms", encoded in base64 as specified in [RFC2045], section
@@ -357 +357 @@
-   (note that the examples all wrap before 72 lines to meet ietf
+   (note that the examples all wrap before 72 columns to meet IETF
@@ -454 +454,2 @@
-   difficult for a human to verify an entire host key.  Even with a PKI
+   difficult for a human to verify an entire host key.  Even with a
+   public key infrastructure
@@ -566 +567 @@
-   stored in such files.  Given the potential of an adversarial
+   stored in such files.  Given the potential for an adversary's
@@ -571 +572 @@
-   trusted channel.
+   secure channel.
@@ -585 +586 @@
-   solely one it's 2nd-preimage resistance, not on it's
+   solely on its 2nd-preimage resistance, not on its

-- 
Ben Harris



Home | Main Index | Thread Index | Old Index