RE: Feedback on draft-ssh-ext-info-00

To: denis bider <ietf-ssh3%denisbider.com@localhost>, Markus Friedl <mfriedl%gmail.com@localhost>, Damien Miller <djm%mindrot.org@localhost>
Subject: RE: Feedback on draft-ssh-ext-info-00
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Fri, 4 Dec 2015 03:24:31 +0000

denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>Presence of "rsa-sha2-256" as a host key signature algorithm cannot reliably
>serve as an indicator for user authentication, because it requires the server
>to actually have an RSA host key.

Ah, OK, I'd missed that.  Maybe the -sha2 draft could point this out, I saw
section 3 but didn't connect it with the issues of identifying algorithms,
since my code does all of them so will just accept something like an ECDSA
server sig combined with an RSA client sig.

>The server might only have an ECDSA host key; but may still accept and prefer
>"rsa-sha2-256" signatures for client authentication.

Hmm, which leads to a follow-on question, is this actually going to be an
issue?  Are there going to be implementations out there that support signature
algorithm A in one case but only signature algorithm B in another?

Peter.

References:
- Re: Feedback on draft-ssh-ext-info-00
  - From: denis bider

Prev by Date: Re: Feedback on draft-ssh-ext-info-00
Next by Date: Re: SSH v3?
Previous by Thread: Re: Feedback on draft-ssh-ext-info-00
Next by Thread: Re: Feedback on draft-ssh-ext-info-00
Indexes:

Home | Main Index | Thread Index | Old Index