RE: SSH key algorithm updates

[Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>]

Max Horn <postbox%quendi.de@localhost> writes:

>That's what I've been doing for multiple entries in my list already; but it
>has limitation, e.g. if the binaries are wrapped in an installer, which
>contains only a compressed version of the actual executable. 

There are a bunch of universal extractors that will bypass the need to
install, google "windows installer unpacker", so you don't need to install
random binaries on your system.

>It also can lead to inaccurate results, and does not reveal which methods are
>enabled/disabled by default, etc.

Yeah, that's a good point.  OTOH you then need to do test runs on the app to
try and probe what's present and what isn't.  It depends on how much time you
want to sink into it :-).

>Yes, I was (and am) having precisely the same concern. But now I am wondering
>whether I should just omit the "none" entry completely. After all, it either
>leaves an incorrect bad impression (if people read it as meaning that a
>server supports "non-as-auth" by default), and otherwise is useless, as it
>doesn't tell you whether it actually means it works as "none-as-query".

That sounds like a good idea.  You more or less have to support none-as-query
in order to be able to communicate with some clients, so in theory every
implementation would have to have support for "none".  OTOH I would imagine
few implementations allow you in without authentication, so few would suport
the other "none".

Oh, and you'll need to add columns for the SHA-2 forms of signatures soon :-).

Peter.