IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Feedback from uri list
--On Thursday, October 15, 2009 04:31:04 AM -0400 "denis bider (Bitvise)"
<ietf-ssh2%denisbider.com@localhost> wrote:
Everything after "fp-" and before the second dash is the hash algorithm.
This presupposes that hash algorithm names contain no dashes.
This allows more freedom for the host key algorithm than the hash. I
expect it's more likely that important use cases will require unusual
host key algorithms (e.g. certificates, eliptic curves) than that they
will require unexpected hashes.
It's not about "unusual" or "unexpected". An algorithm name is not
"unusual" because it contains dashes; in fact, every cryptographic
algorithm name defined in RFC5052 includes at least one dash, except the
"none" algorithms.
I suppose you need the "ssh-dss" or "ssh-rsa" part so that you can pick
the right algorithm(s) for host key negotiation.
No, you don't. SSH has algorithm negotiation; a client doesn't need to be
told up front what algorithms to use. However, you might want it to aid in
matching the offered host key to one of several fingerprints on hand.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
Carnegie Mellon University - Pittsburgh, PA
Home |
Main Index |
Thread Index |
Old Index