diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-05-03 10:27:59 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-05-03 20:29:14 +1000 |
| commit | fa58208c6502dcce3e0daac0ca991ee657daf1f5 (patch) | |
| tree | 66b51d6b3cf78e0baffda5a820e68adb1f1eac8a /PROTOCOL.certkeys | |
| parent | b466f956c32cbaff4200bfcd5db6739fe4bc7d04 (diff) | |
upstream commit
correct some typos and remove a long-stale XXX note.
add specification for ed25519 certificates
mention no host certificate options/extensions are currently defined
pointed out by Simon Tatham
Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
Diffstat (limited to 'PROTOCOL.certkeys')
| -rw-r--r-- | PROTOCOL.certkeys | 42 |
1 files changed, 32 insertions, 10 deletions
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index c98591093..aa6f5ae4c 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys | |||
| @@ -100,9 +100,9 @@ DSA certificate | |||
| 100 | 100 | ||
| 101 | ECDSA certificate | 101 | ECDSA certificate |
| 102 | 102 | ||
| 103 | string "ecdsa-sha2-nistp256@openssh.com" | | 103 | string "ecdsa-sha2-nistp256-v01@openssh.com" | |
| 104 | "ecdsa-sha2-nistp384@openssh.com" | | 104 | "ecdsa-sha2-nistp384-v01@openssh.com" | |
| 105 | "ecdsa-sha2-nistp521@openssh.com" | 105 | "ecdsa-sha2-nistp521-v01@openssh.com" |
| 106 | string nonce | 106 | string nonce |
| 107 | string curve | 107 | string curve |
| 108 | string public_key | 108 | string public_key |
| @@ -118,6 +118,23 @@ ECDSA certificate | |||
| 118 | string signature key | 118 | string signature key |
| 119 | string signature | 119 | string signature |
| 120 | 120 | ||
| 121 | ED25519 certificate | ||
| 122 | |||
| 123 | string "ssh-ed25519-cert-v01@openssh.com" | ||
| 124 | string nonce | ||
| 125 | string pk | ||
| 126 | uint64 serial | ||
| 127 | uint32 type | ||
| 128 | string key id | ||
| 129 | string valid principals | ||
| 130 | uint64 valid after | ||
| 131 | uint64 valid before | ||
| 132 | string critical options | ||
| 133 | string extensions | ||
| 134 | string reserved | ||
| 135 | string signature key | ||
| 136 | string signature | ||
| 137 | |||
| 121 | The nonce field is a CA-provided random bitstring of arbitrary length | 138 | The nonce field is a CA-provided random bitstring of arbitrary length |
| 122 | (but typically 16 or 32 bytes) included to make attacks that depend on | 139 | (but typically 16 or 32 bytes) included to make attacks that depend on |
| 123 | inducing collisions in the signature hash infeasible. | 140 | inducing collisions in the signature hash infeasible. |
| @@ -129,6 +146,9 @@ p, q, g, y are the DSA parameters as described in FIPS-186-2. | |||
| 129 | curve and public key are respectively the ECDSA "[identifier]" and "Q" | 146 | curve and public key are respectively the ECDSA "[identifier]" and "Q" |
| 130 | defined in section 3.1 of RFC5656. | 147 | defined in section 3.1 of RFC5656. |
| 131 | 148 | ||
| 149 | pk is the encoded Ed25519 public key as defined by | ||
| 150 | draft-josefsson-eddsa-ed25519-03. | ||
| 151 | |||
| 132 | serial is an optional certificate serial number set by the CA to | 152 | serial is an optional certificate serial number set by the CA to |
| 133 | provide an abbreviated way to refer to certificates from that CA. | 153 | provide an abbreviated way to refer to certificates from that CA. |
| 134 | If a CA does not wish to number its certificates it must set this | 154 | If a CA does not wish to number its certificates it must set this |
| @@ -146,7 +166,7 @@ strings packed inside it. These principals list the names for which this | |||
| 146 | certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and | 166 | certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and |
| 147 | usernames for SSH_CERT_TYPE_USER certificates. As a special case, a | 167 | usernames for SSH_CERT_TYPE_USER certificates. As a special case, a |
| 148 | zero-length "valid principals" field means the certificate is valid for | 168 | zero-length "valid principals" field means the certificate is valid for |
| 149 | any principal of the specified type. XXX DNS wildcards? | 169 | any principal of the specified type. |
| 150 | 170 | ||
| 151 | "valid after" and "valid before" specify a validity period for the | 171 | "valid after" and "valid before" specify a validity period for the |
| 152 | certificate. Each represents a time in seconds since 1970-01-01 | 172 | certificate. Each represents a time in seconds since 1970-01-01 |
| @@ -183,7 +203,7 @@ signature is computed over all preceding fields from the initial string | |||
| 183 | up to, and including the signature key. Signatures are computed and | 203 | up to, and including the signature key. Signatures are computed and |
| 184 | encoded according to the rules defined for the CA's public key algorithm | 204 | encoded according to the rules defined for the CA's public key algorithm |
| 185 | (RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA | 205 | (RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA |
| 186 | types). | 206 | types), and draft-josefsson-eddsa-ed25519-03 for Ed25519. |
| 187 | 207 | ||
| 188 | Critical options | 208 | Critical options |
| 189 | ---------------- | 209 | ---------------- |
| @@ -203,8 +223,9 @@ option-specific information (see below). All options are | |||
| 203 | "critical", if an implementation does not recognise a option | 223 | "critical", if an implementation does not recognise a option |
| 204 | then the validating party should refuse to accept the certificate. | 224 | then the validating party should refuse to accept the certificate. |
| 205 | 225 | ||
| 206 | The supported options and the contents and structure of their | 226 | No critical options are defined for host certificates at present. The |
| 207 | data fields are: | 227 | supported user certificate options and the contents and structure of |
| 228 | their data fields are: | ||
| 208 | 229 | ||
| 209 | Name Format Description | 230 | Name Format Description |
| 210 | ----------------------------------------------------------------------------- | 231 | ----------------------------------------------------------------------------- |
| @@ -233,8 +254,9 @@ as is the requirement that each name appear only once. | |||
| 233 | If an implementation does not recognise an extension, then it should | 254 | If an implementation does not recognise an extension, then it should |
| 234 | ignore it. | 255 | ignore it. |
| 235 | 256 | ||
| 236 | The supported extensions and the contents and structure of their data | 257 | No extensions are defined for host certificates at present. The |
| 237 | fields are: | 258 | supported user certificate extensions and the contents and structure of |
| 259 | their data fields are: | ||
| 238 | 260 | ||
| 239 | Name Format Description | 261 | Name Format Description |
| 240 | ----------------------------------------------------------------------------- | 262 | ----------------------------------------------------------------------------- |
| @@ -262,4 +284,4 @@ permit-user-rc empty Flag indicating that execution of | |||
| 262 | of this script will not be permitted if | 284 | of this script will not be permitted if |
| 263 | this option is not present. | 285 | this option is not present. |
| 264 | 286 | ||
| 265 | $OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ | 287 | $OpenBSD: PROTOCOL.certkeys,v 1.10 2016/05/03 10:27:59 djm Exp $ |