IETF-SSH archive


Re: Last call comments for draft-ietf-secsh-publickey-subsystem-07



On Wed, Sep 27, 2006 at 09:44:49PM +0200, Jon Bright wrote:
> Nicolas Williams wrote:
> >>>
> >>>(Although in fact I'd rather we avoided the term "blob" entirely, as
> >>>in publickeyfile, due to the conflict with 4253.)
> >
> >What conflict?  I see no conflict.  RFC4253 *is* the [2] reference.
> 
> Yes.  I believe Jacob's pointing out that RFC4253 is a bit vague here. 

Absolutely not.  This text in RFC4253, section 6.6 is quite clear to me:

"
   o  Key format: how is the key encoded and how are certificates
      represented.  The key blobs in this protocol MAY contain
      certificates in addition to keys.

...

   The key type MUST always be explicitly known (from algorithm
   negotiation or some other source).  It is not normally included in
   the key blob.
"

> It's not entirely clear about whether "blob" is *just* the 
> key/certificate data, or the type string as a header and then 
> key/certificate data (which for ssh-dss and ssh-rsa then includes the 
> type again, hence appearing twice on the wire).

The text quoted above is perfectly clear: the blob is just the
key/certificate data -- no type string there.

I think any change here would be detrimental to clarity.

> >If there's consensus for such a change and we're talking about something
> >not very substantive then your AD may instruct you to make it during
> >AUTH48.
> 
> Thanks for the information.  If there's a guide somewhere for first-time 
> editors, I've not yet spotted it...

http://edu.ietf.org/
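
An added example, not part of the original message: it builds the "ssh-rsa" key encoding defined in RFC 4253 section 6.6 and pairs it with a separately sent algorithm name (the field layout of an RFC 4252 publickey request), to show where the type string appears on the wire. The toy key values and all function names are constructed for illustration.

```python
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint', non-negative only (leading zero byte if high bit set)."""
    if value < 0:
        raise ValueError("negative mpint not handled in this example")
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def read_string(buf: bytes, off: int):
    """Read one 'string' at off; return (bytes, next offset). Reject truncation."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("string runs past end of buffer")
    return buf[off + 4:end], end

def rsa_key_encoding(e: int, n: int) -> bytes:
    """RFC 4253 section 6.6 "ssh-rsa" format: string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def parse_rsa_key_encoding(blob: bytes):
    """Return (embedded type name, e, n); reject trailing bytes."""
    name, off = read_string(blob, 0)
    e, off = read_string(blob, off)
    n, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return name.decode("ascii"), int.from_bytes(e, "big"), int.from_bytes(n, "big")

def name_and_key_fields(algorithm: bytes, blob: bytes) -> bytes:
    """Algorithm name as its own field, then the key field."""
    return ssh_string(algorithm) + ssh_string(blob)

def embedded_name_matches(algorithm: bytes, blob: bytes) -> bool:
    """Receiver-side check: separately stated type equals the embedded one."""
    return read_string(blob, 0)[0] == algorithm

# Constructed toy values, far too small to be a real key.
BLOB = rsa_key_encoding(65537, 0xC5)
WIRE = name_and_key_fields(b"ssh-rsa", BLOB)

if __name__ == "__main__":
    print(parse_rsa_key_encoding(BLOB), WIRE.count(b"ssh-rsa"))
```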


