[ssh_x509] Clarification on alignment with RFC6187

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Nov 28 22:46:33 EET 2016


Peter,

x509v3-sign-rsa and x509v3-sign-dss are historical algorithms, implemented
by several vendors including VanDyke Software and (I think) SSH
Communications. I don't know if these algorithms were ever formally
described. There are differences between those two algorithms and
x509v3-ssh-dss and x509v-ssh-rsa beyond the naming convention. I believe
the signature packets are composed slightly differently, and
x509v3-sign-rsa and x509v3-sign-dss do not include the certificate chain
while x509v3-ssh-dss and x509v-ssh-rsa do. There are likely other
differences as well.

Hope that helps.

Daniel

On Mon, Nov 28, 2016 at 7:10 AM, <ssh_x509 at roumenpetrov.info> wrote:

> Hi,
>
> I'm trying to understand how the public key algorithms stated in the
> features list: x509v3-sign-rsa and x509v3-sign-dss, match up with the
> algorithms x509v3-ssh-dss and x509v-ssh-rsa, defined in section 3.1 and 3.2
> of RFC6187. Is it just a difference in naming convention with the RFC or is
> there something else?
>
> Thank you,
>
> Peter