Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation

[denis bider <ietf-ssh3%denisbider.com@localhost>]

Oh; thanks for the clarification. We never implemented SSHv1, so I haven't been exposed to that.

The public key format used by the "rsa-sha2-XXXX" signature algorithms remains "ssh-rsa", so I think that distinction will remain, to the extent it is needed.

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> , 11/8/2015 3:09 AM:

On Sun, 2015-11-08 at 02:30 +0000, denis bider wrote:
> The "ecdsa-sha2-..." algorithm names (RFC 5656) do not use the "ssh-" prefix.
>
> Neither do the new formats in RFC 6187, i.e. "x509v3-rsa2048-sha256" and "x509v3-ecdsa-sha2-...".
>
> In my opinion, the "ssh-" prefix is superfluous. The context of SSH is
> implied by where the names are used.

It's superfluous except for "ssh-rsa" and "ssh-dsa", where it serves in
various out-of-protocol contexts to distinguish between these and the
corresponding SSHv1 key types.



> The prefix would make sense if it were needed to disambiguate from
> something. However, I am not aware of any proposal for SSH to do a
> wholesale import of algorithm names from some other, SSH-unaware spec.
> Moreover, if such names were imported, then THOSE names would be
> prefixed with something, not the SSH native algorithm names.

Right, agreed.