IETF-SSH archive


Re: Feedback on draft-ssh-ext-info-00



Markus Friedl <mfriedl%gmail.com@localhost> writes:

> Here is what I've implemented for OpenSSH:

Looks nice and simple to me.

The trick of adding foo-s and foo-c symbols to the kex_algorithms list
could perhaps be reused in case we need to negotiate support for aead, to
enable different rules for algorithm negotiation (including the rules
for first_kex_packet_follows).

>   This extension is sent with the following extension name and value:
>
>     string      "server-sig-algs"
>     name-list   signature-algorithms-accepted

I still question the utility of this extension. I would expect the common
case will be a large list of algorithms, and the client needs to
send a PK_OK request for each key it has anyway.

But I don't object to it if others find it useful.

Maybe "userauth-sig-algs" or "publickey-algs" is a better name, to make
it clearer that it is related to publickey userauth.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
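
The extension name and value quoted in the message above, encoded and parsed on the wire, as an added example that is not part of the original message and is not OpenSSH's code. It assumes the RFC 4251 `string` and `name-list` encodings, covers only the name/value pair (not the surrounding message), and uses a hypothetical helper `keys_worth_offering` with constructed key labels to show how a client could use the list to filter its keys.

```python
import struct

def put_string(data):
    """RFC 4251 'string': uint32 big-endian length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data

def get_string(buf, off):
    """Read one string at off; return (value, next offset). Rejects truncation."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string length exceeds buffer")
    return buf[off + 4:end], end

def parse_name_list(raw):
    """RFC 4251 'name-list' body: comma-separated US-ASCII names, none empty."""
    if not raw:
        return []
    names = raw.decode("ascii").split(",")  # non-ASCII raises a ValueError subclass
    if any(not n for n in names):
        raise ValueError("empty name in name-list")
    return names

def encode_extension(name, algs):
    """Extension name and value as the quoted draft text lays them out."""
    return put_string(name.encode("ascii")) + put_string(",".join(algs).encode("ascii"))

def decode_server_sig_algs(buf):
    """Return the accepted algorithms, or None for any other extension name."""
    name, off = get_string(buf, 0)
    value, off = get_string(buf, off)
    if off != len(buf):
        raise ValueError("trailing bytes after extension value")
    return parse_name_list(value) if name == b"server-sig-algs" else None

def keys_worth_offering(client_keys, accepted):
    """Hypothetical helper: keep only keys whose algorithm the server listed."""
    return [label for label, alg in client_keys if alg in accepted]

# Constructed sample data (not from the thread): server list and client key labels.
SAMPLE_WIRE = encode_extension("server-sig-algs", ["ssh-ed25519", "ssh-rsa"])
SAMPLE_KEYS = [("id_ed25519", "ssh-ed25519"), ("id_dsa", "ssh-dss"), ("id_rsa", "ssh-rsa")]

if __name__ == "__main__":
    print(keys_worth_offering(SAMPLE_KEYS, decode_server_sig_algs(SAMPLE_WIRE)))
```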


