Re: rsa-sha2-256/512: handling of incorrect signature encoding

To: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: rsa-sha2-256/512: handling of incorrect signature encoding
From: Matt Johnston <matt%ucc.asn.au@localhost>
Date: Thu, 4 Aug 2016 18:51:04 +0800

On Thu, Aug 04, 2016 at 04:04:16AM +0000, Peter Gutmann wrote:
> I was thinking of it in an opportunistic-upgrade sense, for example for PGP
> and S/MIME the mandatory algorithm is SHA-1 but if you receive a message
> signed with SHA-2 you can switch to that because the client will be able to
> process it.  So if you see ecdsa-sha2... or rsa-sha2... in the keyex then you

The pubkey signature could have come from a ssh-agent (only
supporting rsa-sha1) that's elsewhere to the SSH client.

Cheers,
Matt

References:
- rsa-sha2-256/512: handling of incorrect signature encoding
  - From: denis bider (Bitvise)
- RE: rsa-sha2-256/512: handling of incorrect signature encoding
  - From: Peter Gutmann
- Re: rsa-sha2-256/512: handling of incorrect signature encoding
  - From: denis bider (Bitvise)
- RE: rsa-sha2-256/512: handling of incorrect signature encoding
  - From: Peter Gutmann
- Re: rsa-sha2-256/512: handling of incorrect signature encoding
  - From: denis bider (Bitvise)
- RE: rsa-sha2-256/512: handling of incorrect signature encoding
  - From: Peter Gutmann
- Re: rsa-sha2-256/512: handling of incorrect signature encoding
  - From: denis bider (Bitvise)
- RE: rsa-sha2-256/512: handling of incorrect signature encoding
  - From: Peter Gutmann

Prev by Date: RE: rsa-sha2-256/512: handling of incorrect signature encoding
Next by Date: Questions about draft-ietf-curdle-ssh-ext-info-00.txt
Previous by Thread: RE: rsa-sha2-256/512: handling of incorrect signature encoding
Next by Thread: Re: rsa-sha2-256/512: handling of incorrect signature encoding
Indexes:

Home | Main Index | Thread Index | Old Index