IETF-SSH archive


Re: DISCUSS comments on publickeyfile-09



> The examples in section 3.6 do not seem to match the key blob
> description in [I-D.ietf-secsh-transport], section 6.6, which says:
> >
> > The key type MUST always be explicitly known (from algorithm
> > negotiation or some other source).  It is not normally included in
> > the key blob.

Argh....

This statement in the transport draft is wrong!
(Unless I'm somehow not understanding what
it means.)

"ssh-dss" and "ssh-rsa" keys (the only keys actually
specified by the transport) both specify the key
type in the key blob.

As in (from 6.6 in transport)

  The "ssh-dss" key format has the following specific encoding:

      string    "ssh-dss"
      mpint     p
      mpint     q
      mpint     g
      mpint     y

Or (again 6.6):

   The "ssh-rsa" key format has the following specific encoding:

      string    "ssh-rsa"
      mpint     e
      mpint     n


> But in this context, it is needed.  This document should make this
> clear with a MUST statement.  Note that it is included in each of
> the examples.  I base64 decoded them and checked.

It is only there because the transport draft
specifies that ssh-dss and ssh-rsa key blobs have it.

The x.509 draft also specifies that it should be there
for x.509 keys.

The agent@openssh.com agent protocol requires it to be
there in order to operate correctly (though the expired
agent draft from the working group does not).

If it is not too late, I think that paragraph should
be removed from the transport draft.  But it is probably
too late.

Thanks,

Joseph
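As an added illustration of the point argued in the message above (this is not code from the original post or from any of the drafts), here is a small Python parser for the ssh-rsa and ssh-dss key blob layouts quoted from transport section 6.6, run over a constructed sample blob: the leading key-type string is read first, and it is what tells the parser which mpints follow, so a blob without it is not self-describing.

```python
import base64
import struct

# Field layout from transport draft section 6.6: key-type string, then mpints.
KEY_FIELDS = {b"ssh-rsa": ("e", "n"), b"ssh-dss": ("p", "q", "g", "y")}

def _read_string(blob, off):
    """Read an SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated string body")
    return blob[off + 4:off + 4 + n], off + 4 + n

def _read_mpint(blob, off):
    """Read an SSH 'mpint': string framing, body is two's-complement big-endian."""
    raw, off = _read_string(blob, off)
    return int.from_bytes(raw, "big", signed=True), off

def parse_key_blob(blob):
    """Parse a key blob into a dict; rejects unknown types and trailing bytes."""
    ktype, off = _read_string(blob, 0)
    if ktype not in KEY_FIELDS:
        raise ValueError(f"unknown key type {ktype!r}")
    key = {"type": ktype.decode("ascii")}
    for name in KEY_FIELDS[ktype]:
        key[name], off = _read_mpint(blob, off)
    if off != len(blob):
        raise ValueError(f"{len(blob) - off} trailing bytes after key fields")
    return key

def has_key_type(blob):
    """True if the blob is self-describing, i.e. starts with a known type string."""
    try:
        return _read_string(blob, 0)[0] in KEY_FIELDS
    except ValueError:
        return False

def parse_base64_blob(text):
    """Decode the base64 body of a public key file entry and parse the blob."""
    return parse_key_blob(base64.b64decode(text))

# Encoder helpers, used only to build the constructed sample below.
def _string(b):
    return struct.pack(">I", len(b)) + b
def _mpint(v):  # minimal two's-complement encoding; zero is the empty string
    return _string(b"" if v == 0 else v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

# Constructed sample (not a real key): ssh-rsa with e = 65537 and a fake modulus.
SAMPLE_N = 0xC2A1F9E3D4B56718293A4B5C6D7E8F9100112233445566778899AABBCCDDEEFF
SAMPLE_BLOB = _string(b"ssh-rsa") + _mpint(65537) + _mpint(SAMPLE_N)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
```

Stripping the first 11 bytes (the "ssh-rsa" string) leaves only the mpints, and has_key_type then reports False, which is the situation the transport draft's "not normally included" wording would create.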


