Re: OpenSSH certified keys

[William Ahern <william%25thandClement.com@localhost>]

On Tue, Mar 16, 2010 at 03:42:53PM -0400, Jeffrey Hutzelman wrote:
> --On Wednesday, March 17, 2010 04:19:28 AM +1100 Damien Miller 
> <djm%mindrot.org@localhost> wrote:
> 
> >OpenSSH 5.4p1 introduced a novel, lightweight certificate format for
> >user and host keys. These were designed to reuse SSH wire-encoding and
> >signature primitives to minimise the additional attack surface exposed
> >pre-auth. In particular, we are not comfortable with the complexity
> >(syntactically or sematically) of X.509.
> 
> That's unfortunate, because it's what the rest of the world already has as 
> its infrastructure.  By not supporting it, you force people to choose 
> between supporting your odd, proprietary, unproven certificate format or 
> not getting to use certificates at all.  Guess which one anyone with more 
> than 5 machines is going to choose?
> 
> OpenSSH would be a lot more useful if it supported the same authentication 
> mechanisms as the rest of the world.

IMO the complexity of ASN.1 is overstated. But the fact of the matter is
that there aren't any decent--simple and small--ASN.1 C libraries (or Perl
or any other language for that matter).

There's one very good free compiler, asn1c: http://lionet.info/asn1c/

I've used it extensively for internal cluster messaging. asn1c supports
asynchronous I/O as the parsers it generates are restartable. But it's also
perhaps too heavy weight. A more useful ASN.1 compiler, IMO, would support
member arrays rather than only pointers, and generate much less code for
common types.

That said, OpenSSH already had time-tested building blocks; specifically the
SSH protocol and implemention. "[T]he serialised wire encoding of [the]
certificates is also used for storing them on disk." Of course ASN.1 would
be "too complex" for OpenSSH when minimal code needs to be written when
re-using the existing string parsers and other infrastructure.

ASN.1 will continue to sit on the sidelines in the FOSS world as long as
there's no appealing library and/or compiler to make it the easy choice for
people. Indeed, using ASN.1 in a new proprietary product or protocol is a
very good way to keep FOSS competition at bay.