merge 5.4p1

1 files changed, 22 insertions, 15 deletions

diff --git a/PROTOCOL b/PROTOCOL
index 5aada630d..5fc31eade 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -6,8 +6,8 @@ filexfer protocol described in:
 
 http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt
 
-Features from newer versions of the draft are not supported, unless
-explicitly implemented as extensions described below.
+Newer versions of the draft will not be supported, though some features
+are individually implemented as extensions described below.
 
 The protocol used by OpenSSH's ssh-agent is described in the file
 PROTOCOL.agent
@@ -31,7 +31,14 @@ The method is documented in:
 
 http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
 
-3. connection: Channel write close extension "eow@openssh.com"
+3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com" and
+   "ssh-dsa-cert-v00@openssh.com"
+
+OpenSSH introduces two new public key algorithms to support certificate
+authentication for users and hostkeys. These methods are documented in
+the file PROTOCOL.certkeys
+
+4. connection: Channel write close extension "eow@openssh.com"
 
 The SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF
 message to allow an endpoint to signal its peer that it will send no
@@ -70,7 +77,7 @@ message is only sent to OpenSSH peers (identified by banner).
 Other SSH implementations may be whitelisted to receive this message
 upon request.
 
-4. connection: disallow additional sessions extension
+5. connection: disallow additional sessions extension
    "no-more-sessions@openssh.com"
 
 Most SSH connections will only ever request a single session, but a
@@ -98,7 +105,7 @@ of this message, the no-more-sessions request is only sent to OpenSSH
 servers (identified by banner). Other SSH implementations may be
 whitelisted to receive this message upon request.
 
-5. connection: Tunnel forward extension "tun@openssh.com"
+6. connection: Tunnel forward extension "tun@openssh.com"
 
 OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
 channel type. This channel type supports forwarding of network packets
@@ -121,10 +128,10 @@ layer 2 frames or layer 3 packets. It may take one of the following values:
         SSH_TUNMODE_ETHERNET     2              /* layer 2 frames */
 
 The "tunnel unit number" specifies the remote interface number, or may
-be zero to allow the server to automatically chose an interface. A server
-that is not willing to open a client-specified unit should refuse the
-request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful open,
-the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
+be 0x7fffffff to allow the server to automatically chose an interface. A
+server that is not willing to open a client-specified unit should refuse
+the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful
+open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
 
 Once established the client and server may exchange packet or frames
 over the tunnel channel by encapsulating them in SSH protocol strings
@@ -151,7 +158,7 @@ It may be one of:
 The "packet data" field consists of the IPv4/IPv6 datagram itself
 without any link layer header.
 
-The contents of the "data" field for layer 3 packets is:
+The contents of the "data" field for layer 2 packets is:
 
         uint32                  packet length
         byte[packet length]     frame
@@ -159,7 +166,7 @@ The contents of the "data" field for layer 3 packets is:
 The "frame" field contains an IEEE 802.3 Ethernet frame, including
 header.
 
-6. sftp: Reversal of arguments to SSH_FXP_SYMLINK
+7. sftp: Reversal of arguments to SSH_FXP_SYMLINK
 
 When OpenSSH's sftp-server was implemented, the order of the arguments
 to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately,
@@ -172,7 +179,7 @@ SSH_FXP_SYMLINK as follows:
         string          targetpath
         string          linkpath
 
-7. sftp: Server extension announcement in SSH_FXP_VERSION
+8. sftp: Server extension announcement in SSH_FXP_VERSION
 
 OpenSSH's sftp-server lists the extensions it supports using the
 standard extension announcement mechanism in the SSH_FXP_VERSION server
@@ -193,7 +200,7 @@ ever changed in an incompatible way. The server MAY advertise the same
 extension with multiple versions (though this is unlikely). Clients MUST
 check the version number before attempting to use the extension.
 
-8. sftp: Extension request "posix-rename@openssh.com"
+9. sftp: Extension request "posix-rename@openssh.com"
 
 This operation provides a rename operation with POSIX semantics, which
 are different to those provided by the standard SSH_FXP_RENAME in
@@ -210,7 +217,7 @@ rename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message.
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
-9. sftp: Extension requests "statvfs@openssh.com" and
+10. sftp: Extension requests "statvfs@openssh.com" and
          "fstatvfs@openssh.com"
 
 These requests correspond to the statvfs and fstatvfs POSIX system
@@ -251,4 +258,4 @@ The values of the f_flag bitmask are as follows:
 Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are
 advertised in the SSH_FXP_VERSION hello with version "2".
 
-$OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $
+$OpenBSD: PROTOCOL,v 1.15 2010/02/26 20:29:54 djm Exp $