IETF-SSH archive
Re: Feedback from uri list
> which, syntactically, is providing conflicting values to a
> single parameter. That's whence the attempt to move the
> to the left side of the equal sign in some way.
Yes, exactly.
> It's ugly, but you could base64-encode both:
A form of base64-encoding is an option if the goal is to fully preserve
SSH algorithm names at the expense of human readability and
manageability.
Something like base64-encoding would also permit any kind of private
algorithm name to be expressed.
The major drawback is that human readability and manageability of SSH
URIs would be drastically reduced this way.
But in the vast majority of cases, the algorithms used would be
completely standard and predictable ones which could have very practical
names.
How about this approach:
(1) The fingerprint parameter name is of the form
fp-<hashAlg>-<hostKeyAlg>.
(2) A few shorthand parameter names are defined for commonly used
algorithms, so the following commonly used combinations (and possibly
more) can be easily expressed: fp-md5-rsa, fp-md5-dss, fp-sha1-rsa,
fp-sha1-dss.
(3) If either <hashAlg> or <hostKeyAlg> is something that doesn't have
one of these common names, it is prefixed with '+' instead of '-', and
represented in a version of base64 that doesn't pick any unwelcome
characters as the extra two in the alphabet.
Examples:
fp+bWQ1-rsa
fp-sha1+c3NoLXJzYQ
fp+bWQ1+c3NoLXJzYQ
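
The naming scheme proposed above, as a strict parser. This is an added example, not part of the original message or of any SSH URI specification. It assumes the two extra base64 characters are '.' and '_' (the message does not name them) and that padding is omitted, as in the message's examples; the function names are hypothetical.

```python
import base64
import re

# Shorthand names taken from the message; the list there is open-ended.
SHORT_HASH = {"md5", "sha1"}
SHORT_KEY = {"rsa", "dss"}
# Assumption: the two extra base64 characters. The message does not name them;
# they cannot be '-' or '+', which delimit the fields.
EXTRA = "._"
_TOK = "[A-Za-z0-9" + re.escape(EXTRA) + "]+"
_NAME = re.compile(rf"fp([-+])({_TOK})([-+])({_TOK})")


def _decode(token):
    """Decode an unpadded base64 token into an SSH algorithm name."""
    std = token.translate(str.maketrans(EXTRA, "+/"))
    if len(std) % 4 == 1:
        raise ValueError("impossible base64 length")
    raw = base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
    # Reject non-canonical encodings so one name has exactly one spelling.
    if base64.b64encode(raw).decode().rstrip("=") != std:
        raise ValueError("non-canonical base64")
    # RFC 4251 names: 1..64 printable US-ASCII characters, no comma.
    if not 1 <= len(raw) <= 64 or any(b <= 32 or b >= 127 or b == 44 for b in raw):
        raise ValueError("not a valid SSH algorithm name")
    return raw.decode("ascii")


def _field(sep, token, shorthand):
    """Resolve one field: '+' means base64-encoded, '-' means shorthand."""
    if sep == "+":
        return _decode(token), True
    if token not in shorthand:
        raise ValueError(f"unknown shorthand {token!r}")
    return token, False


def parse_fp_param(name):
    """Return ((hash_alg, encoded), (host_key_alg, encoded)) for a parameter name."""
    m = _NAME.fullmatch(name)
    if m is None:
        raise ValueError("not an fp parameter name")
    s1, t1, s2, t2 = m.groups()
    return _field(s1, t1, SHORT_HASH), _field(s2, t2, SHORT_KEY)


if __name__ == "__main__":
    for n in ("fp-sha1-rsa", "fp+bWQ1-rsa", "fp-sha1+c3NoLXJzYQ", "fp+bWQ1+c3NoLXJzYQ"):
        print(n, "->", parse_fp_param(n))
```

Unknown shorthand names and non-canonical encodings are rejected rather than guessed at, so a client never compares a fingerprint under an algorithm it did not positively identify.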