Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation

[denis bider <ietf-ssh3%denisbider.com@localhost>]

The "ecdsa-sha2-..." algorithm names (RFC 5656) do not use the "ssh-" prefix.

Neither do the new formats in RFC 6187, i.e. "x509v3-rsa2048-sha256" and "x509v3-ecdsa-sha2-...".

In my opinion, the "ssh-" prefix is superfluous. The context of SSH is implied by where the names are used.

The prefix would make sense if it were needed to disambiguate from something. However, I am not aware of any proposal for SSH to do a wholesale import of algorithm names from some other, SSH-unaware spec. Moreover, if such names were imported, then THOSE names would be prefixed with something, not the SSH native algorithm names.

I think the use of "ssh-" prefixes for all kinds of names was a (small) mistake in the original design. I think we can safely migrate away from it.

Therefore, I have specified no "ssh-" prefix for these algorithms.

Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> , 11/8/2015 2:23 AM:

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>(1) I have uploaded a new version of the RSA SHA-2 draft:
>
>https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-02

Has anyone else implemented this?  I've dropped in some quick partial support
for it, and I can't see why it wouldn't work transparently to replace the
existing form, but being able to test against someone else would be good.

Hmm, just saw an issue, I used "ssh-rsa-sha2..." instead of rsa-..., should
the new names also have the "ssh-" prefix to match existing usage?  As I see
it the name has to identify the format used, "ssh-", and the signature
algorithm, "rsa-sha...", having just the latter makes it difficult to specify
other signature formats.

Peter.