IETF-SSH archive


Re: Feedback from uri list



Jacob Nevins <jacobn+secsh%chiark.greenend.org.uk@localhost> writes:

> Convenient characters other than hyphen for delimiting/separation appear
> to be the other "unreserved" URI characters -- "." / "_" / "~". (All of
> these are valid in host key algorithm names.)

Hmm. The draft says

      fingerprint format is
      [RFC4716].  For use in a URI, the fingerprint shall use a single 
      dash "-" as a separator instead of the colon ":" as described in
      [RFC4716].

If we can't use the separator specified in RFC4716, maybe it's simpler
to just drop the separator rather than replace it? I.e.,

  ssh://user;fingerprint=ssh-dss-c1b13029d7b8de6c977710d746416387%host.example.com@localhost

or

  ssh://user%host.example.com@localhost?fingerprint=ssh-dss-c1b13029d7b8de6c977710d746416387

That would eliminate the syntactic ambiguity: whatever comes after the
last dash is the actual fingerprint, and whatever comes before is the
host key algorithm. Maybe not so human-friendly, though. But it should
work fine with . as fingerprint separator too.

One could also do it like

  ssh://user%host.example.com@localhost?hostkey-alg=ssh-dss&fingerprint=c1-b1-30-29-d7-b8-de-6c-97-77-10-d7-46-41-63-87

but to support multiple fingerprints one would need to make the
ordering of parameters significant. I think it makes sense to reuse
the URI-way of separating different items, although I haven't thought
deeply about the issues.

Regards,
/Niels
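
The following is an added example, not part of the original message or of the draft. It counts how many algorithm/fingerprint splits a parser that does not assume a fingerprint length can derive from the draft's dash-separated form, and compares that with the single split at the last dash proposed above. The function names are hypothetical, and only the value of the fingerprint parameter is parsed, not the whole URI.

```python
import re

# A fingerprint byte: two lowercase hex digits, as in the message's examples.
HEX_PAIR = re.compile(r"[0-9a-f]{2}")

# Fingerprint value taken from the message; the two encodings are built from it.
FP = "c1b13029d7b8de6c977710d746416387"
PAIRS = re.findall("..", FP)
DRAFT_FORM = "ssh-dss-" + "-".join(PAIRS)     # dash between every byte
DOTTED_FORM = "ssh-dss-" + ".".join(PAIRS)    # "." as fingerprint separator
PLAIN_FORM = "ssh-dss-" + FP                  # no separator at all


def dash_form_candidates(value):
    """Draft form (alg-xx-xx-...): return every split whose tail consists
    only of hex pairs. Without a known fingerprint length or a list of
    algorithm names, each of these is a syntactically valid reading."""
    parts = value.split("-")
    candidates = []
    for i in range(1, len(parts)):
        tail = parts[i:]
        if all(HEX_PAIR.fullmatch(p) for p in tail):
            candidates.append(("-".join(parts[:i]), "".join(tail)))
    return candidates


def last_dash_form(value):
    """Form proposed in the message: the algorithm is everything before the
    last dash, the fingerprint everything after it (plain hex, or hex pairs
    joined by ".")."""
    alg, sep, fp = value.rpartition("-")
    pairs = fp.split(".") if "." in fp else re.findall("..?", fp)
    if not sep or not alg or not pairs:
        raise ValueError("expected <algorithm>-<fingerprint>")
    if not all(HEX_PAIR.fullmatch(p) for p in pairs):
        raise ValueError("fingerprint is not a sequence of hex pairs")
    return alg, "".join(pairs)


if __name__ == "__main__":
    print(len(dash_form_candidates(DRAFT_FORM)), "candidate splits (draft form)")
    print(last_dash_form(PLAIN_FORM))
    print(last_dash_form(DOTTED_FORM))
```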


