IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Updated RSA SHA-2 draft / New draft: SSH Extension Negotiation
denis bider <ietf-ssh3%denisbider.com@localhost> writes:
> The "ecdsa-sha2-..." algorithm names (RFC 5656) do not use the "ssh-" prefix.
>
> Neither do the new formats in RFC 6187, i.e. "x509v3-rsa2048-sha256"
> and "x509v3-ecdsa-sha2-...".
>
> In my opinion, the "ssh-" prefix is superfluous. The context of SSH is
> implied by where the names are used.
The "ssh-" prefix specifies the encoding to use for keys and signatures.
My understanding is that for ecdsa- and x509v3-, the encoding is
specified by appropiate other standards. While for ssh-rsa and ssh-dss,
the encoding is ssh-specific: It is specified in the ssh transport
protocol (RFC 4253), and include strings like "ssh-rsa" as part of the
encoding.
I belive the new rsa-sha2-256 algorithm name ought to also have an
"ssh-" prefix, because the format is equally ssh specific.
> I think the use of "ssh-" prefixes for all kinds of names was a
> (small) mistake in the original design.
I disagree. And even if it were a small mistake, we should strive to
keep naming consistent.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Home |
Main Index |
Thread Index |
Old Index