IETF-SSH archive
Re: SSH in ECC Internet Draft
On Tue, 2006-10-10 at 12:06 -0500, Nicolas Williams wrote:
> > The first problem with putting OIDs in name-lists is that one of the
> > octets in the OID octet string may be 0x2C (ascii comma) which delimits
> > the list, so the OIDs will have to be encoded somehow before being put
> > into a standard namelist, or there has to be a new type of list
> > defined.
>
> You misunderstand SSHv2 list/array encoding.
I'm sorry if I misunderstand; could you please elaborate on your plans
to encode OIDs within SSHv2 name-lists? I am more than happy to throw out
the 'curves' construct if it's redundant and a name-list can be used.
I feel as if ASN.1 has to have some part in this design, but if there is
an SSH-specific way of sending lists that can be used, then I fully
support using that in order to reduce the amount of ASN.1 that has to be
used.
I just re-read RFC4251 and I don't see how OIDs that can contain 0x2C
can be allowed to be put into a name-list.
From RFC4251:
> name-list
>
> A string containing a comma-separated list of names. A name-list
> is represented as a uint32 containing its length (number of bytes
> that follow) followed by a comma-separated list of zero or more
> names. A name MUST have a non-zero length, and it MUST NOT
> contain a comma (","). As this is a list of names, all of the
> elements contained are names and MUST be in US-ASCII. Context may
> impose additional restrictions on the names. For example, the
> names in a name-list may have to be a list of valid algorithm
> identifiers (see Section 6 below), or a list of [RFC 3066] language
> tags. The order of the names in a name-list may or may not be
> significant. Again, this depends on the context in which the list
> is used. Terminating null characters MUST NOT be used, neither
> for the individual names, nor for the list as a whole.
>
> Examples:
>
> value                    representation (hex)
> -----                    --------------------
> (), the empty name-list  00 00 00 00
> ("zlib")                 00 00 00 04 7a 6c 69 62
> ("zlib,none")            00 00 00 09 7a 6c 69 62 2c 6e 6f 6e 65
>
The definition of a name-list itself states that an entity in the
name-list cannot contain 0x2C or 0x00. All of the SEC curve OIDs do
contain a 0x00, and it is possible other OIDs contain 0x2C.
Cheers,
Jon Green
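As an added example (not code from the thread, the draft, or any SSH implementation), the following Python encodes and decodes a name-list exactly as the RFC 4251 text quoted above defines it, checks each element against the name rules, and shows why the DER content octets of a SEC curve OID such as 1.3.132.0.34 cannot be placed in one directly, while the ASCII dotted-decimal spelling of the same OID satisfies every rule (the form RFC 5656 later adopted for ecdsa-sha2-* curve identifiers). The OID 1.3.44 is a constructed value chosen only because its second encoded octet is 0x2C, the comma.

```python
import struct

# Added example (not from the thread or any SSH draft): RFC 4251 name-list
# encoding plus the per-name rules, applied to DER-encoded OIDs.


def oid_to_der_content(dotted):
    """Return the content octets of a DER OBJECT IDENTIFIER (tag 0x06 and
    length omitted) for a dotted-decimal OID such as "1.3.132.0.34"."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: %r" % dotted)
    out = bytearray()

    def put_base128(value):
        # Each sub-identifier is base-128, most significant group first,
        # with bit 8 set on every octet except the last.
        groups = [value & 0x7F]
        value >>= 7
        while value:
            groups.append(0x80 | (value & 0x7F))
            value >>= 7
        out.extend(reversed(groups))

    put_base128(arcs[0] * 40 + arcs[1])  # first two arcs share one sub-identifier
    for arc in arcs[2:]:
        put_base128(arc)
    return bytes(out)


def name_violations(name):
    """List every RFC 4251 name rule the candidate element breaks:
    non-zero length, US-ASCII only, no comma, no NUL."""
    problems = []
    if len(name) == 0:
        problems.append("empty")
    if any(b >= 0x80 for b in name):
        problems.append("non-ASCII octet")
    if b"," in name:
        problems.append("contains comma (0x2C)")
    if b"\x00" in name:
        problems.append("contains NUL (0x00)")
    return problems


def encode_name_list(names):
    """uint32 byte length followed by the comma-joined names."""
    for name in names:
        bad = name_violations(name)
        if bad:
            raise ValueError("%r is not a legal name: %s" % (name, ", ".join(bad)))
    body = b",".join(names)
    return struct.pack(">I", len(body)) + body


def decode_name_list(data):
    """Inverse of encode_name_list; returns the list of name byte strings."""
    if len(data) < 4:
        raise ValueError("truncated name-list")
    (length,) = struct.unpack(">I", data[:4])
    body = data[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated name-list")
    return [] if body == b"" else body.split(b",")


def oid_name_list(dotted_oids):
    """Carry OIDs in a name-list as their ASCII dotted-decimal spelling,
    which satisfies every name rule, instead of their DER octets."""
    return encode_name_list([oid.encode("ascii") for oid in dotted_oids])


if __name__ == "__main__":
    # The RFC 4251 worked example round-trips.
    assert encode_name_list([b"zlib", b"none"]) == bytes.fromhex("00000009") + b"zlib,none"
    # secp384r1 (SEC arc 1.3.132.0.34) encodes to 2B 81 04 00 22: the 0x00
    # arc plus the high-bit octets rule its raw DER out of a name-list.
    der = oid_to_der_content("1.3.132.0.34")
    print(der.hex(), name_violations(der))
    # A constructed OID with an arc of 44 shows the 0x2C (comma) case.
    comma_oid = oid_to_der_content("1.3.44")
    print(comma_oid.hex(), name_violations(comma_oid))
    # The same curves as ASCII dotted-decimal strings are legal names.
    print(decode_name_list(oid_name_list(["1.3.132.0.34", "1.3.132.0.35"])))
```

Running it prints the DER octets of the SEC arc OID together with the two rules it breaks (a non-ASCII octet and a NUL), the constructed 1.3.44 case that breaks only the comma rule, and the dotted-decimal names that decode cleanly from a standard name-list.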