Re: X.509

To: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: X.509
From: Roumen Petrov <openssh%roumenpetrov.info@localhost>
Date: Wed, 28 Mar 2007 00:51:25 +0300

Peter Gutmann wrote:

Oskari Saarenmaa <oskari%saarenmaa.fi@localhost> writes:

I recently submitted a new individual draft for ssh x509 which backs down

>from what we specified in the latest WG draft, and just specifies how we use

certificates in our implementations.  It's available at
http://tools.ietf.org/wg/secsh/draft-saarenmaa-ssh-x509-00.txt

Any thoughts?


Further to my previous comments, the text in the Implementation Considerations
section seems a bit misplaced.  Firstly, it's already subsumed by the "refer
to PKI standards" requirement in the Security Considerations, so it's
redundant.  Secondly, I would both hope that any implementation that doesn't
implement a verification algorithm would fail to verify the certificate that
uses it, and can't really see why this would be singled out for special
attention when there are lots of other things that also need to be checked.


It is possible simple implementation to compare public key extracted from

certificate sent with keys from its configuration and if they match toacceptconnection. As example without this self-issued(self-signed) X.509certificates

cannot be used in authentication.

Finally, to be nit-picky, you need to verify up to a trust anchor, which isn't
necessarily "all the certificates in the chain".

Yes verification should be described in RFC3280. Only the direction isopposite -

valid path (chain) start from trust anchor .

For all of the above, the appropriate solution seems to be to remove this
section, since it's already more than covered by the requirement in section 7.

Is anyone running a test SSH server that implements this authentication
mechanism?  I'd like to have something to test against...

Peter.


You can test my implementation based on openssh and diff files
on http://roumenpetrov.info/openssh/download.html .

Check the options X509KeyAlgorithm and may be KeyAllowSelfIssued.

The configuration like this:
 X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1,ssh-rsa
 X509KeyAlgorithm x509v3-sign-dss,dss-raw,ssh-dss
, should be in conformance with draft.

The configuration:
 X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
 X509KeyAlgorithm x509v3-sign-dss,dss-raw
, should be used with ssh.com, f-secure.com (etc. ?) .

I think that ssh.com and f-secure.com will accept md5 hash (rsa basedcert.),

but not in default configuration.


The default is compatible with openssh, vandyke.com (etc. ?) .


Roumen

Follow-Ups:
- Re: X.509
  - From: Peter Gutmann

References:
- Re: X.509
  - From: Peter Gutmann

Prev by Date: Re: X.509
Next by Date: Re: X.509
Previous by Thread: Re: X.509
Next by Thread: Re: X.509
Indexes:

Home | Main Index | Thread Index | Old Index