IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: SSH keys - draft-ietf-netmod-system-mgmt
Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:
> On Wed, 2014-04-30 at 08:49 +0200, Niels Möller wrote:
>> > However, if we also keep the leaf algorithm, we need to specify
>> > what happens if the leaf algorithm has a value that is different
>> > from the value embedded in the key blob.
>>
>> Right, eliminating this redundancy makes things simpler.
>
> It would, except you can't eliminate it.
Hmm. I think you're right. So then then the "algorithm" leaf would be
the name being used in algorithm negotiation and the like, and the "key"
leaf would be the key blob. The key blob typically starts with a string
containing the algorithm identifier, but nothing but the ssh
implementation is expected to care about that detail.
So then the right choice is 1),
: 1) Clarify that the leaf "key-data" contains:
:
: string certificate or public key format identifier
: byte[n] key/certificate data
:
: This allows for simple copy-and-paste from normal open ssh and
: rfc4716 files.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Home |
Main Index |
Thread Index |
Old Index