Oskari Saarenmaa wrote:
> Some comments on the new x509 draft based on off-list emails and discussions at IETF-64 and Connectathon:
> [SNIP]
> The signature format for "x509v3-sign" needs to be specified in more detail, specifically the OID is a US-ASCII text representation of the identifier, and the signature is encoded as specified in RFC 3279.
Maybe the signature format should be part of the public key algorithm name. The client shouldn't guess which signature format is supported by the server and shouldn't blindly send a signed authentication request.

The other possibility is to extend the 'public key authentication method' with new message[s]. Maybe a new response SSH_MSG_USERAUTH_X509_OK:

    byte      SSH_MSG_USERAUTH_X509_OK
    string    public key algorithm name from the request, i.e. "x509v3-sign"
    string    public key blob from the request
    name-list signature algorithms supported by server

In the first case we should define many names without changing the protocol, but the client would have to send a certificate with different algorithm names until the server accepts one or rejects all. Then the client can begin with the next certificate, and so on and so forth. In the second case there is just one name, but it requires protocol changes. :-\

Maybe the SHA1 algorithm is sufficient. The problem with hash algorithms exists for rsa/dss keys too.

Regards,
Roumen Petrov
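As an added illustration (not code from the list discussion or from any SSH implementation), the following Python encodes and parses the SSH_MSG_USERAUTH_X509_OK response proposed above using the RFC 4251 wire types (`byte`, length-prefixed `string`, comma-separated `name-list`), and shows the client picking a signature algorithm from the server's list instead of signing blindly. The message number and the signature algorithm names are placeholders chosen for the example; the draft discussed here assigns neither.

```python
import struct

# Placeholder message number: the draft discussed on the list assigns none,
# so this value is an assumption made for the example only.
SSH_MSG_USERAUTH_X509_OK = 60


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_name_list(names) -> bytes:
    """RFC 4251 'name-list': a string holding comma-separated US-ASCII names."""
    for n in names:
        if not n or "," in n or not n.isascii():
            raise ValueError("invalid name in name-list: %r" % n)
    return ssh_string(",".join(names).encode("ascii"))


def build_x509_ok(pk_alg: str, pk_blob: bytes, sig_algs) -> bytes:
    """Server side: encode the proposed response message."""
    return (bytes([SSH_MSG_USERAUTH_X509_OK])
            + ssh_string(pk_alg.encode("ascii"))
            + ssh_string(pk_blob)
            + ssh_name_list(sig_algs))


def _read_string(buf: bytes, off: int):
    """Bounds-checked string read; a peer-supplied length must never be trusted."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if n > len(buf) - off:
        raise ValueError("string length exceeds message")
    return buf[off:off + n], off + n


def parse_x509_ok(msg: bytes) -> dict:
    """Client side: decode the response, rejecting malformed or trailing data."""
    if not msg or msg[0] != SSH_MSG_USERAUTH_X509_OK:
        raise ValueError("unexpected message type")
    off = 1
    alg, off = _read_string(msg, off)
    blob, off = _read_string(msg, off)
    raw_list, off = _read_string(msg, off)
    if off != len(msg):
        raise ValueError("trailing bytes after name-list")
    names = raw_list.decode("ascii").split(",") if raw_list else []
    return {"pk_alg": alg.decode("ascii"), "pk_blob": blob, "sig_algs": names}


def choose_signature_algorithm(client_prefs, server_list):
    """First client preference that the server also advertises, else None."""
    for alg in client_prefs:
        if alg in server_list:
            return alg
    return None


if __name__ == "__main__":
    # Constructed sample: a fake certificate blob and placeholder algorithm names.
    msg = build_x509_ok("x509v3-sign", b"\x30\x82\x01\x00constructed-cert",
                        ["rsa-sha1", "rsa-sha256"])
    reply = parse_x509_ok(msg)
    print(reply["sig_algs"],
          choose_signature_algorithm(["rsa-sha256", "rsa-sha1"], reply["sig_algs"]))
```

The parser checks every length field against the remaining buffer and rejects trailing bytes, which is the check a real implementation needs for any length-prefixed field arriving from the peer; the selection step is what lets the client send exactly one signed request with an algorithm the server has said it accepts.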