IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
The "ecdsa-sha2-..." algorithm names (RFC 5656) do not use the "ssh-" prefix.
Neither do the new formats in RFC 6187, i.e. "x509v3-rsa2048-sha256" and "x509v3-ecdsa-sha2-...".
In my opinion, the "ssh-" prefix is superfluous. The context of SSH is implied by where the names are used.
The prefix would make sense if it were needed to disambiguate from something. However, I am not aware of any proposal for SSH to do a wholesale import of algorithm names from some other, SSH-unaware spec. Moreover, if such names were imported, then THOSE names would be prefixed with something, not the SSH native algorithm names.
I think the use of "ssh-" prefixes for all kinds of names was a (small) mistake in the original design. I think we can safely migrate away from it.
Therefore, I have specified no "ssh-" prefix for these algorithms.
Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> , 11/8/2015 2:23 AM:
denis bider <ietf-ssh3%denisbider.com@localhost> writes:
>(1) I have uploaded a new version of the RSA SHA-2 draft:
>
>https://tools.ietf.org/html/draft-rsa-dsa-sha2-256-02
Has anyone else implemented this? I've dropped in some quick partial support
for it, and I can't see why it wouldn't work transparently to replace the
existing form, but being able to test against someone else would be good.
Hmm, just saw an issue, I used "ssh-rsa-sha2..." instead of rsa-..., should
the new names also have the "ssh-" prefix to match existing usage? As I see
it the name has to identify the format used, "ssh-", and the signature
algorithm, "rsa-sha...", having just the latter makes it difficult to specify
other signature formats.
Peter.
Home |
Main Index |
Thread Index |
Old Index