IETF-SSH archive
Feedback on draft-igoe-secsh-x509v3-01
I just did a quick read-through of this document, and
it looks pretty good.
However, this paragraph from Section 2 was confusing:
>  o  The individual certificates in the certificate chain MUST be
>       signed using only algorithms corresponding to public key
>       algorithms supported by the peer.  The choice of signature
>       algorithm used by any given certificate is independent of the
>       signature algorithms chosen by other certificates in the chain.
>       However, verifiers SHOULD be prepared to receive certificate
>       chains that do not comply with this (in other words, using any
>       signature algorithms), and MAY verify a non-compliant chain if
>       they are able to do so.
First off, I think "MUST be signed using only algorithms" conflicts
with "verifiers SHOULD be prepared" (or at least is confusing).
And secondly, as I noted before, we really don't have a good
indication of what algorithms the peer supports.  We know
what algorithms the server has a hostkey for and what algorithms
the client is willing to accept as a hostkey.  But we don't actually
know what algorithms either side supports for publickey authentication.
I would suggest this paragraph be rewritten as something similar to
this:
o The only algorithms that can be guaranteed to be supported
  by the peer are those that were listed in
  "server_host_key_algorithms" of key exchange (See RFC 4253,
  Section 7.1, "Algorithm Negotiation").  Where possible, the
  individual certificates in the certificate chain SHOULD be
  restricted to the algorithms listed in "server_host_key_algorithms";
  however, other algorithms are permitted.
  Verifiers MUST be prepared to receive certificate chains that use
  algorithms that were not listed in "server_host_key_algorithms",
  and indeed potentially algorithms that have no ssh equivalent.
  Such chains are more likely to result in a failure than a chain
  which uses only the algorithms listed in "server_host_key_algorithms".
Thanks,
Joseph
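The negotiation Joseph refers to, as an added example that is not part of the original post or of draft-igoe-secsh-x509v3: the script parses the "server_host_key_algorithms" name-lists carried in SSH_MSG_KEXINIT, picks the host key algorithm the way RFC 4253 section 7.1 does (first entry on the client's list that is also on the server's list), and then classifies each certificate in a chain against the algorithms the peer actually listed, which is the only set a verifier can be sure the peer supports. The name-lists, the three-certificate chain and the X509_SIG_TO_SSH mapping are constructed for illustration; the mapping in particular is an assumed simplification, since a real implementation derives the SSH algorithm from the certificate's signature OID and the signing key's parameters.

```python
# Added example, not from the mailing-list post or the draft.  Assumptions:
# the KEXINIT name-lists, the certificate chain and the X509_SIG_TO_SSH table
# below are all constructed for illustration.
from typing import List, Optional, Tuple

# Characters allowed inside one entry of a name-list (RFC 4251 sections 5
# and 6): printable US-ASCII, no space, no comma, non-empty.
_NAME_CHARS = {chr(c) for c in range(0x21, 0x7F)} - {","}


def parse_name_list(name_list: str) -> List[str]:
    """Split an SSH name-list into its entries, rejecting malformed ones.

    "" is the empty list; every other entry must be non-empty and drawn
    from _NAME_CHARS, so "ssh-rsa,,ssh-dss" and "ssh-rsa, ssh-dss" are errors.
    """
    if name_list == "":
        return []
    names = name_list.split(",")
    for name in names:
        if not name or not set(name) <= _NAME_CHARS:
            raise ValueError(f"malformed name-list entry: {name!r}")
    return names


def negotiate_host_key_algorithm(client_list: str, server_list: str) -> Optional[str]:
    """RFC 4253 section 7.1: the first entry on the client's list that is also
    on the server's list is chosen; None means there is no match and the
    connection must be disconnected."""
    server_algs = set(parse_name_list(server_list))
    for alg in parse_name_list(client_list):
        if alg in server_algs:
            return alg
    return None


# ASSUMED, illustrative mapping from a certificate's X.509 signatureAlgorithm
# to the SSH public key algorithm a peer would need in order to verify it.
X509_SIG_TO_SSH = {
    "sha1WithRSAEncryption": "ssh-rsa",
    "dsaWithSHA1": "ssh-dss",
    "ecdsa-with-SHA256": "ecdsa-sha2-nistp256",  # assumes a P-256 signing key
    "sha256WithRSAEncryption": "rsa-sha2-256",
    # md5WithRSAEncryption is deliberately absent: no SSH public key
    # algorithm corresponds to it.
}

GUARANTEED = "guaranteed"            # listed in the peer's server_host_key_algorithms
NOT_LISTED = "ssh-alg-not-listed"    # has an SSH equivalent the peer did not list
NO_EQUIVALENT = "no-ssh-equivalent"  # no SSH public key algorithm corresponds


def classify_chain(chain: List[Tuple[str, str]], peer_host_key_algs: str) -> List[Tuple[str, str, str]]:
    """For each (certificate name, signature algorithm) in `chain`, report
    whether the peer that sent `peer_host_key_algs` is guaranteed to be able
    to verify that certificate's signature."""
    guaranteed = set(parse_name_list(peer_host_key_algs))
    result = []
    for cert_name, sig_alg in chain:
        ssh_alg = X509_SIG_TO_SSH.get(sig_alg)
        if ssh_alg is None:
            status = NO_EQUIVALENT
        elif ssh_alg in guaranteed:
            status = GUARANTEED
        else:
            status = NOT_LISTED
        result.append((cert_name, sig_alg, status))
    return result


def chain_is_guaranteed(chain: List[Tuple[str, str]], peer_host_key_algs: str) -> bool:
    """True only when every signature in the chain maps to a listed algorithm,
    i.e. the chain the proposed SHOULD asks senders to produce.  Any other
    chain may still verify, but only if this implementation happens to
    support the extra algorithms."""
    return all(status == GUARANTEED for _, _, status in classify_chain(chain, peer_host_key_algs))


if __name__ == "__main__":
    # Constructed KEXINIT name-lists: the client prefers ECDSA, the server
    # only has RSA and DSA host keys.
    client_algs = "ecdsa-sha2-nistp256,ssh-rsa,ssh-dss"
    server_algs = "ssh-rsa,ssh-dss"
    print("negotiated host key algorithm:", negotiate_host_key_algorithm(client_algs, server_algs))

    # Constructed chain presented by the server; the client judges it against
    # what the server itself listed.
    chain = [
        ("end-entity", "sha1WithRSAEncryption"),
        ("intermediate CA", "ecdsa-with-SHA256"),
        ("root CA", "md5WithRSAEncryption"),
    ]
    for cert, alg, status in classify_chain(chain, server_algs):
        print(f"{cert:16} {alg:24} {status}")
    print("whole chain guaranteed:", chain_is_guaranteed(chain, server_algs))
```

Run as a script it reports "ssh-rsa" as the negotiated host key algorithm, marks the end-entity certificate as guaranteed, the intermediate as using an SSH algorithm the server never listed, and the root as having no SSH equivalent at all, so the chain as a whole is one the proposed text would expect to be more likely to fail.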