IETF-SSH archive


Re: Feedback from uri list



"Joseph Salowey (jsalowey)" <jsalowey%cisco.com@localhost> writes:

> In addition to the one you raised it's not
> clear that we could move to a hash other than MD5.  This is hard coded
> in RFC 4716.  While this probably isn't a problem now it could be a
> weakness in the future.  I'm pretty sure I've run into SSH
> implementations that display SHA-1 fingerprints as well.   I suppose we
> could have an encoding that was something like
> host-key-alg-hash-alg-fingerprint.

To upgrade from md5, I think the simplest way is to use a new
parameter name, like

  ssh://user%host.example.com@localhost?fingerprint-sha1=ssh-dss-xxxx...xx

or

  ssh://user%host.example.com@localhost?fingerprint-hash-of-the-day=ssh-dss-xxxx...xx

whenever there's a proper spec for non-md5 fingerprints.

/Niels
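
The following is an added example, not part of the original message or of any SSH implementation: a client-side check that selects the hash from the parameter name, as the reply suggests. The MD5 parameter name `fingerprint`, the value layout (host key algorithm, then dash-separated hex), the function names, and the sample URI and key blob are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qsl

# Parameter name -> hash constructor. "fingerprint" (MD5) is an assumed name;
# "fingerprint-sha1" is the name suggested in the message, not a standard one.
HASH_BY_PARAM = {"fingerprint": hashlib.md5, "fingerprint-sha1": hashlib.sha1}


def verify_pins(uri, key_alg, key_blob):
    """Check every fingerprint parameter we understand against the host key.

    Returns the parameter names that matched. Raises ValueError when a
    recognized pin does not match, or when the URI has no pin we understand.
    Assumed value layout: <host-key-alg>-<hex digest, optionally '-' separated>.
    """
    matched = []
    prefix = key_alg + "-"
    for name, value in parse_qsl(urlsplit(uri).query):
        make_hash = HASH_BY_PARAM.get(name)
        if make_hash is None:
            continue  # unknown parameter: a client that predates it skips it
        if not value.startswith(prefix):
            raise ValueError(f"{name}: pin is for a different host key algorithm")
        pinned = value[len(prefix):].replace("-", "").lower()
        actual = make_hash(key_blob).hexdigest()
        if not hmac.compare_digest(pinned.encode(), actual.encode()):
            raise ValueError(f"{name}: fingerprint mismatch")
        matched.append(name)
    if not matched:
        raise ValueError("no fingerprint parameter this client understands")
    return matched


def make_pin(param, key_alg, key_blob):
    """Build 'param=alg-xx-xx-...' for a key blob (used for the sample below)."""
    digest = HASH_BY_PARAM[param](key_blob).hexdigest()
    pairs = "-".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return f"{param}={key_alg}-{pairs}"


# Constructed sample: a stand-in byte string, not a real public key blob.
SAMPLE_BLOB = b"\x00\x00\x00\x07ssh-dss" + b"constructed key material"
SAMPLE_URI = ("ssh://user@host.example.com?"
              + make_pin("fingerprint", "ssh-dss", SAMPLE_BLOB) + "&"
              + make_pin("fingerprint-sha1", "ssh-dss", SAMPLE_BLOB))

if __name__ == "__main__":
    print(verify_pins(SAMPLE_URI, "ssh-dss", SAMPLE_BLOB))
```

Because unknown parameter names are skipped, a URI that carries only a newer hash fails closed on a client that predates it, instead of being accepted unverified.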


