Re: Last Call: <draft-os-ietf-sshfp-ecdsa-sha2-04.txt> (Use of SHA-256 Algorithm with RSA, DSA and ECDSA in SSHFP Resource Records) to Proposed Standard
Scott Schmit <i.grok@comcast.net> Wed, 07 December 2011 06:07 UTC
Return-Path: <i.grok@comcast.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B75AA11E809F for <ietf@ietfa.amsl.com>; Tue, 6 Dec 2011 22:07:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.901
X-Spam-Level:
X-Spam-Status: No, score=-101.901 tagged_above=-999 required=5 tests=[AWL=-0.698, BAYES_00=-2.599, USER_IN_WHITELIST=-100, WEIRD_QUOTING=1.396]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 706jjmntzcJ7 for <ietf@ietfa.amsl.com>; Tue, 6 Dec 2011 22:07:25 -0800 (PST)
Received: from qmta13.emeryville.ca.mail.comcast.net (qmta13.emeryville.ca.mail.comcast.net [76.96.27.243]) by ietfa.amsl.com (Postfix) with ESMTP id C7E9011E808B for <ietf@ietf.org>; Tue, 6 Dec 2011 22:07:25 -0800 (PST)
Received: from omta16.emeryville.ca.mail.comcast.net ([76.96.30.72]) by qmta13.emeryville.ca.mail.comcast.net with comcast id 666D1i0021ZMdJ4AD67K1m; Wed, 07 Dec 2011 06:07:19 +0000
Received: from odin.ulthar.us ([68.33.77.0]) by omta16.emeryville.ca.mail.comcast.net with comcast id 65wW1i00k00PQ6U8c5wXSL; Wed, 07 Dec 2011 05:56:32 +0000
Received: from odin.ulthar.us (localhost [127.0.0.1]) by odin.ulthar.us (8.14.5/8.14.3) with ESMTP id pB767N2w028500 for <ietf@ietf.org>; Wed, 7 Dec 2011 01:07:23 -0500
Received: (from draco@localhost) by odin.ulthar.us (8.14.5/8.14.5/Submit) id pB767NxN028498 for ietf@ietf.org; Wed, 7 Dec 2011 01:07:23 -0500
Date: Wed, 07 Dec 2011 01:07:23 -0500
From: Scott Schmit <i.grok@comcast.net>
To: ietf@ietf.org
Subject: Re: Last Call: <draft-os-ietf-sshfp-ecdsa-sha2-04.txt> (Use of SHA-256 Algorithm with RSA, DSA and ECDSA in SSHFP Resource Records) to Proposed Standard
Message-ID: <20111207060723.GC2104@odin.ulthar.us>
Mail-Followup-To: ietf@ietf.org
References: <20111206145241.12918.3376.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="/Uq4LBwYP4y1W6pO"
Content-Disposition: inline
In-Reply-To: <20111206145241.12918.3376.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Dec 2011 06:07:26 -0000
On Tue, Dec 06, 2011 at 06:52:41AM -0800, the IESG wrote:
> The IESG has received a request from an individual submitter to consider
> the following document:
> - 'Use of SHA-256 Algorithm with RSA, DSA and ECDSA in SSHFP Resource
> Records'
> <draft-os-ietf-sshfp-ecdsa-sha2-04.txt> as a Proposed Standard
In section 5, the TOC is as follows:
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1. RSA public key . . . . . . . . . . . . . . . . . . . . . . 5
5.1.1. RSA public key with SHA1 fingerprint . . . . . . . . . 5
5.1.2. RSA public key with SHA256 fingerprint . . . . . . . . 5
5.2. DSA public key . . . . . . . . . . . . . . . . . . . . . . 6
5.2.1. DSA public key with SHA1 fingerprint . . . . . . . . . 6
5.2.2. DSA public key with SHA256 fingerprint . . . . . . . . 6
5.3. ECDSA public key . . . . . . . . . . . . . . . . . . . . . 6
5.3.1. ECDSA public key with SHA256 fingerprint . . . . . . . 7
However, the key provided for each is actually the private key.
Anyone who understands RFC 4255 or even just the basics of public key
cryptography is going to know that they should be hashing the public
key, but using the private keys in the examples is just asking for
confusion.
That said, converting the example private keys to public keys and
running it against a script I wrote a while back to generate SSHFP
records (with appropriate changes to add support for SHA-256 and ECDSA),
I was able to get matching SSHFP records with no changes to the
underlying algorithm.
Nits:
There's a typo in the IACR 2007/474 reference ("Di!erential") and some
of your reference titles have double-double-quotes (""blah"").
--
Scott Schmit
- Re: Last Call: <draft-os-ietf-sshfp-ecdsa-sha2-04… Scott Schmit