IETF-SSH archive


Re: SSH keys - draft-ietf-netmod-system-mgmt



Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

> On Wed, 2014-04-30 at 08:49 +0200, Niels Möller wrote:
>> >     However, if we also keep the leaf algorithm, we need to specify
>> >     what happens if the leaf algorithm has a value that is different
>> >     from the value embedded in the key blob.
>> 
>> Right, eliminating this redundancy makes things simpler.
>
> It would, except you can't eliminate it.

Hmm. I think you're right. So then the "algorithm" leaf would be
the name being used in algorithm negotiation and the like, and the "key"
leaf would be the key blob. The key blob typically starts with a string
containing the algorithm identifier, but nothing but the ssh
implementation is expected to care about that detail.

So then the right choice is 1),

: 1)  Clarify that the leaf "key-data" contains:
: 
:          string    certificate or public key format identifier
:          byte[n]   key/certificate data
: 
:     This allows for simple copy-and-paste from normal open ssh and
:     rfc4716 files.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
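
Added example, not part of the original message and not taken from the draft or any SSH implementation: a check that reads the format identifier embedded at the start of a key blob (an RFC 4251 "string") and compares it with a separately configured "algorithm" leaf, the mismatch case raised in the thread. The function names and the sample key line are hypothetical and constructed for illustration.

```python
import base64
import struct


def embedded_identifier(blob: bytes) -> str:
    """Return the leading RFC 4251 'string' of a key blob: the format identifier."""
    if len(blob) < 4:
        raise ValueError("blob shorter than a length prefix")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or n > len(blob) - 4:
        raise ValueError("identifier length is zero or exceeds blob")
    name = blob[4:4 + n]
    # RFC 4251 section 6: names are printable US-ASCII, at most 64 characters,
    # with no whitespace, control characters, DEL or comma.
    if n > 64 or any(c <= 0x20 or c >= 0x7F or c == 0x2C for c in name):
        raise ValueError("identifier is not a valid algorithm name")
    return name.decode("ascii")


def blob_from_openssh_line(line: str) -> bytes:
    """Decode the base64 field of an OpenSSH 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    return base64.b64decode(fields[1], validate=True)


def compare_leaves(algorithm_leaf: str, key_data: bytes) -> str:
    """Report 'match', 'mismatch' or 'malformed' for the two leaves."""
    try:
        ident = embedded_identifier(key_data)
    except ValueError:
        return "malformed"
    return "match" if ident == algorithm_leaf else "mismatch"


def ssh_string(b: bytes) -> bytes:
    """Encode bytes as an RFC 4251 string: uint32 length, then the data."""
    return struct.pack(">I", len(b)) + b


# Constructed sample: an all-zero 32-byte value stands in for key material.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed@example"

if __name__ == "__main__":
    blob = blob_from_openssh_line(SAMPLE_LINE)
    print(embedded_identifier(blob), compare_leaves("ssh-ed25519", blob))
    print(compare_leaves("ssh-rsa", blob), compare_leaves("ssh-rsa", blob[:7]))
```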


