IETF-SSH archive


Re: SSH keys - draft-ietf-netmod-system-mgmt



On Wed, Apr 30, 2014 at 12:32:50PM -0400, Jeffrey Hutzelman wrote:
> On Wed, 2014-04-30 at 08:49 +0200, Niels Möller wrote:
> > >     However, if we also keep the leaf algorithm, we need to specify
> > >     what happens if the leaf algorithm has a value that is different
> > >     from the value embedded in the key blob.
> > 
> > Right, eliminating this redundancy makes things simpler.
> 
> It would, except you can't eliminate it.  The second copy of the
> algorithm name is part of the key data format for _certain public key
> algorithms_, but not necessarily for all of them.
> 

Hm. Are you saying RFC 4716 is broken or only applicable to a certain
subset of public key algorithms? In which case would the public key
not follow [RFC4253], Section 6.6:

         string    certificate or public key format identifier
         byte[n]   key/certificate data

I am just trying to understand this.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
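
An added example, not part of the original message or of the draft under discussion: a check that compares a separately configured algorithm name with the identifier embedded in the key blob. It assumes the blob follows the [RFC4253] Section 6.6 layout quoted above; the function names and the sample key are constructed for illustration.

```python
import base64
import struct


def read_string(buf, offset):
    """Read one SSH 'string' (uint32 big-endian length, then the bytes)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[start:end], end


def embedded_identifier(blob):
    """Return the leading format identifier of a key blob as text."""
    name, _ = read_string(blob, 0)
    if not name:
        raise ValueError("empty format identifier")
    # Algorithm names are US-ASCII; a non-ASCII name raises ValueError.
    return name.decode("ascii")


def check_algorithm_leaf(declared, key_data_b64):
    """Compare the configured algorithm name with the one inside the blob.

    Returns (matches, embedded_name) so a caller can reject or log a
    mismatch instead of silently trusting either copy.
    """
    blob = base64.b64decode(key_data_b64, validate=True)
    embedded = embedded_identifier(blob)
    return embedded == declared, embedded


def ssh_string(data):
    """Encode bytes as an SSH 'string' (helper for building the sample)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: identifier followed by a 32-byte all-zero placeholder key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")

if __name__ == "__main__":
    print(check_algorithm_leaf("ssh-ed25519", SAMPLE_B64))
    print(check_algorithm_leaf("ssh-rsa", SAMPLE_B64))
```
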


