Re: Feedback from uri list

To: "denis bider (Bitvise)" <ietf-ssh2%denisbider.com@localhost>, ietf-ssh%NetBSD.org@localhost
Subject: Re: Feedback from uri list
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Thu, 15 Oct 2009 09:24:03 -0400

--On Thursday, October 15, 2009 04:31:04 AM -0400 "denis bider (Bitvise)"<ietf-ssh2%denisbider.com@localhost> wrote:

Everything after "fp-" and before the second dash is the hash algorithm.


This presupposes that hash algorithm names contain no dashes.

This allows more freedom for the host key algorithm than the hash. I
expect it's more likely that important use cases will require unusual
host key algorithms (e.g. certificates, eliptic curves) than that they
will require unexpected hashes.

It's not about "unusual" or "unexpected". An algorithm name is not"unusual" because it contains dashes; in fact, every cryptographicalgorithm name defined in RFC5052 includes at least one dash, except the"none" algorithms.

I suppose you need the "ssh-dss" or "ssh-rsa" part so that you can pick
the right algorithm(s) for host key negotiation.

No, you don't. SSH has algorithm negotiation; a client doesn't need to betold up front what algorithms to use. However, you might want it to aid inmatching the offered host key to one of several fingerprints on hand.


-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
  Carnegie Mellon University - Pittsburgh, PA

Follow-Ups:
- Re: Feedback from uri list
  - From: denis bider (Bitvise)

References:
- Feedback from uri list
  - From: Steve Suehring
- Re: Feedback from uri list
  - From: Jacob Nevins
- Re: Feedback from uri list
  - From: Niels Möller
- Re: Feedback from uri list
  - From: denis bider (Bitvise)

Prev by Date: Re: Feedback from uri list
Next by Date: Re: Feedback from uri list
Previous by Thread: Re: Feedback from uri list
Next by Thread: Re: Feedback from uri list
Indexes:

Home | Main Index | Thread Index | Old Index