[ssh_x509] Clarification on alignment with RFC6187

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Nov 28 22:46:33 EET 2016


x509v3-sign-rsa and x509v3-sign-dss are historical algorithms, implemented
by several vendors including VanDyke Software and (I think) SSH
I don't know if these algorithms were ever formally described. There are
between those two algorithms and x509v3-ssh-dss and x509v-ssh-rsa beyond
naming convention.  I believe the signature packets are composed slightly
and x509v3-sign-rsa and x509v3-sign-dss do not include the certificate
chain while
x509v3-ssh-dss and x509v-ssh-rsa do.  There are likely other differences as

Hope that helps.


On Mon, Nov 28, 2016 at 7:10 AM, <ssh_x509 at roumenpetrov.info> wrote:

> Hi,
> I'm trying to understand how the public key algorithms stated in the
> features list: x509v3-sign-rsa and x509v3-sign-dss, match up with the
> algorithms x509v3-ssh-dss and x509v-ssh-rsa, defined in section 3.1 and 3.2
> of RFC6187. Is it just a difference in naming convention with the RFC or is
> there something else?
> Thank you,
> Peter
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info

More information about the ssh_x509 mailing list