IETF-SSH archive


Re: Feedback from uri list
Niels suggested:

> ssh://user%host.example.com@localhost?fingerprint=ssh-dss-c1b13029d7b8de6c977710d746416387

I like that proposal because I think the separator characters in the 
fingerprint (such as '-' or ':') are superfluous, unnecessary, 
redundant. :)

I suggest the following variation - wrapped for clarity:

ssh://user%host.example.com@localhost
  ?fp-md5-ssh-dss=c1b13029d7b8de6c977710d746416387
  &fp-sha1-ssh-rsa=0c112b31435062798d7b8de6c977710d746416387

Nice, short, and to the point.

Everything after "fp-" and before the second dash is the hash algorithm. 
Everything after the second dash is the host key algorithm.

This allows more freedom for the host key algorithm than the hash. I 
expect it's more likely that important use cases will require unusual 
host key algorithms (e.g. certificates, elliptic curves) than that they 
will require unexpected hashes.

I suppose you need the "ssh-dss" or "ssh-rsa" part so that you can pick 
the right algorithm(s) for host key negotiation.

denis
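The proposal above fixes the shape of each parameter: `fp-<hash>-<hostkeyalg>=<hex digest>`, with the hash name ending at the second dash and everything after it naming the host key algorithm (which may itself contain dashes). Below is an added example, not code from this thread or from any IETF draft, of how a client might parse those parameters, pick the host key algorithms to negotiate (the point made in the last paragraph), and compare a received host key against the pins. The accepted hash names and their hex-digest lengths (md5 = 32, sha1 = 40, sha256 = 64) are the only thing assumed beyond the mail; the sample host key blob is constructed and stands in for a real wire-format public key.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, urlsplit

# Hash algorithms accepted after "fp-", mapped to the number of hex digits
# their digest occupies.  A value of the wrong length is rejected outright
# instead of being compared as a prefix.  (Assumed table, not from the mail.)
HASH_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

# Up to the second dash is the hash; the rest is the host key algorithm, which
# may contain further dashes (e.g. "ecdsa-sha2-nistp256") or an "@domain".
FP_KEY = re.compile(r"^fp-([a-z0-9]+)-([A-Za-z0-9@.\-]+)$")


def parse_fingerprints(uri):
    """Return [(hash_alg, hostkey_alg, digest_hex), ...] for every fp-* query
    parameter of an ssh:// URI.  Raises ValueError on anything malformed."""
    parts = urlsplit(uri)
    if parts.scheme != "ssh":
        raise ValueError("not an ssh URI")
    pins = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        m = FP_KEY.match(key)
        if m is None:
            continue  # some other query parameter; ignored here
        hash_alg, hostkey_alg = m.group(1), m.group(2)
        if hash_alg not in HASH_HEX_LEN:
            raise ValueError("unsupported hash algorithm: %s" % hash_alg)
        digest = value.lower()
        if len(digest) != HASH_HEX_LEN[hash_alg] or re.fullmatch(r"[0-9a-f]+", digest) is None:
            raise ValueError("malformed %s digest for %s" % (hash_alg, hostkey_alg))
        pins.append((hash_alg, hostkey_alg, digest))
    return pins


def is_well_formed(uri):
    """Convenience predicate: True if every fp-* parameter parses cleanly."""
    try:
        parse_fingerprints(uri)
        return True
    except ValueError:
        return False


def pinned_hostkey_algorithms(pins):
    """Host key algorithms the client should offer in negotiation, in URI
    order and without duplicates: only a pinned algorithm can ever verify."""
    seen = []
    for _, alg, _ in pins:
        if alg not in seen:
            seen.append(alg)
    return seen


def hostkey_matches(pins, hostkey_alg, hostkey_blob):
    """True if the server's key (algorithm name plus wire-format blob) matches
    a pin for that algorithm.  Fails closed when no pin covers the algorithm."""
    for hash_alg, alg, digest in pins:
        if alg != hostkey_alg:
            continue
        actual = hashlib.new(hash_alg, hostkey_blob).hexdigest()
        if hmac.compare_digest(actual, digest):  # constant-time comparison
            return True
    return False


def demo():
    """Build a URI pinning a constructed ssh-rsa key and exercise the checks."""
    # Constructed sample blob; only its digest matters for this demonstration.
    rsa_blob = b"\x00\x00\x00\x07ssh-rsa" + b"\x01" * 64
    uri = ("ssh://user%host.example.com@localhost?fp-md5-ssh-rsa="
           + hashlib.md5(rsa_blob).hexdigest())
    pins = parse_fingerprints(uri)
    return {
        "algorithms": pinned_hostkey_algorithms(pins),
        "rsa_ok": hostkey_matches(pins, "ssh-rsa", rsa_blob),
        "tampered": hostkey_matches(pins, "ssh-rsa", rsa_blob + b"\x00"),
        "unpinned_alg": hostkey_matches(pins, "ssh-dss", rsa_blob),
    }


if __name__ == "__main__":
    print(demo())
```

Run against the mail's own URI, the md5 parameter parses as `("md5", "ssh-dss", "c1b1...6387")`, while the sha1 value as quoted has 41 hex digits and is rejected by the length check; that strictness is deliberate, since a truncated or over-long digest should never be accepted as "close enough".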
