IETF-SSH archive


Re: x.509 signature clarification?



On Thu, Jul 05, 2001 at 01:09:39PM -0600, Joseph Galbraith wrote:
> For x.509 certificates using rsa keys, SSH Communications 3.0
> appears to be using PKCS #1 with MD5.  I'm not sure what they
> are doing for DSS signatures.
> 
> There appear to be two areas where the draft needs clarification:
> 
> 1. Which digest algorithm should be used?  (Given that we use
>    SHA1 for ssh-rsa keys, this would seem the natural choice.)

yes, i think there is no reason to switch back to MD5,
so this is probably an implementation bug.  Older
software from F-secure uses MD5 for "ssh-rsa", too.

> 2. What should the format of the signature be?
> 
> I'm tempted to suggest that the signature is in PKCS #7
> format, though this seems to be a bit of an overkill...

i don't see why we cannot use the current "ssh-rsa" encoding:
transfer an x509 certificate in addition to "ssh-rsa" encoded
signature?

since "x509v3-sign-rsa" is not specified in detail, it should be
dropped from the draft and replaced by something like
	"x509v5-ssh-rsa"
meaning:
	public key is transferred in "x509v3" format and
	the current "ssh-rsa" is used for encoding for signatures.

i think all the confusion is due to the fact that a single
identifier is used for specifying the encoding of
	keys, certificates and signatures.

i don't see why the current signature formats cannot
be used together with x509 certificates.

-markus
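
Added example, not part of the original message and not code from any SSH implementation: the "ssh-rsa" signature encoding discussed above is a string "ssh-rsa" followed by a string holding a PKCS #1 v1.5 signature, so a verifier can tell whether a peer signed with SHA-1 or MD5 by rebuilding the expected padded block for each digest and comparing. The toy key (built from two Mersenne primes) and all function names are assumptions made for this sketch.

```python
import hashlib
import struct

# DER DigestInfo prefixes for PKCS #1 v1.5 signatures (RFC 8017, section 9.2).
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
}

# Constructed toy key from two Mersenne primes: demonstration only, never a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def emsa_pkcs1_v15(alg, data, k=K):
    t = DIGEST_INFO[alg] + hashlib.new(alg, data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_blob(alg, data):
    """Hypothetical signer: 'ssh-rsa' blob whose digest is chosen by the caller."""
    s = pow(int.from_bytes(emsa_pkcs1_v15(alg, data), "big"), D, N)
    return ssh_string(b"ssh-rsa") + ssh_string(s.to_bytes(K, "big"))

def digest_used(blob, data):
    """Return the digest an 'ssh-rsa' signature blob verifies under, or None."""
    fmt, off = read_string(blob, 0)
    sig, off = read_string(blob, off)
    if fmt != b"ssh-rsa" or off != len(blob):
        raise ValueError("not an ssh-rsa signature blob")
    s = int.from_bytes(sig, "big")
    if s >= N:
        return None
    em = pow(s, E, N).to_bytes(K, "big")
    for alg in DIGEST_INFO:
        # Encode-and-compare: never parse the recovered padding leniently.
        if em == emsa_pkcs1_v15(alg, data):
            return alg
    return None
```

A verifier that only accepts SHA-1 would treat a result of "md5" as a failed signature; reporting it separately is useful for diagnosing the interoperability problem described in the thread.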


