upstream: emphasise that the hostkey rotation may send key types

that the client may not support, and that the client should simply disregard such keys (this is what ssh does already). OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf
author: djm@openbsd.org <djm@openbsd.org> 2018-02-19 00:55:02 +0000
committer: Damien Miller <djm@mindrot.org> 2018-02-23 13:37:32 +1100
commit: fcdb9d777839a3fa034b3bc3067ba8c1f6886679 (patch)
tree: 367b76a401822a7d60f92a4d3973803978b11d33 /PROTOCOL
parent: ce066f688dc166506c082dac41ca686066e3de5f (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/PROTOCOL b/PROTOCOL
index 4e9e87575..b1fc00691 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -295,10 +295,14 @@ has completed.
        string[]        hostkeys
 Upon receiving this message, a client should check which of the
-supplied host keys are present in known_hosts. For keys that are
+supplied host keys are present in known_hosts.
-not present, it should send a "hostkeys-prove@openssh.com" message
-to request the server prove ownership of the private half of the
+Note that the server may send key types that the client does not
-key.
+support. The client should disgregard such keys if they are received.
+If the client identifies any keys that are not present for the host,
+it should send a "hostkeys-prove@openssh.com" message to request the
+server prove ownership of the private half of the key.
        byte            SSH_MSG_GLOBAL_REQUEST
        string          "hostkeys-prove-00@openssh.com"
@@ -454,4 +458,4 @@ respond with a SSH_FXP_STATUS message.
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
-$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $
+$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $
author	djm@openbsd.org <djm@openbsd.org>	2018-02-19 00:55:02 +0000
committer	Damien Miller <djm@mindrot.org>	2018-02-23 13:37:32 +1100
commit	fcdb9d777839a3fa034b3bc3067ba8c1f6886679 (patch)
tree	367b76a401822a7d60f92a4d3973803978b11d33 /PROTOCOL
parent	ce066f688dc166506c082dac41ca686066e3de5f (diff)

diff --git a/PROTOCOL b/PROTOCOL index 4e9e87575..b1fc00691 100644 --- a/PROTOCOL +++ b/PROTOCOL
@@ -295,10 +295,14 @@ has completed.
295	string[] hostkeys	295	string[] hostkeys
296		296
297	Upon receiving this message, a client should check which of the	297	Upon receiving this message, a client should check which of the
298	supplied host keys are present in known_hosts. For keys that are	298	supplied host keys are present in known_hosts.
299	not present, it should send a "hostkeys-prove@openssh.com" message	299
300	to request the server prove ownership of the private half of the	300	Note that the server may send key types that the client does not
301	key.	301	support. The client should disgregard such keys if they are received.
		302
		303	If the client identifies any keys that are not present for the host,
		304	it should send a "hostkeys-prove@openssh.com" message to request the
		305	server prove ownership of the private half of the key.
302		306
303	byte SSH_MSG_GLOBAL_REQUEST	307	byte SSH_MSG_GLOBAL_REQUEST
304	string "hostkeys-prove-00@openssh.com"	308	string "hostkeys-prove-00@openssh.com"
@@ -454,4 +458,4 @@ respond with a SSH_FXP_STATUS message.
454	This extension is advertised in the SSH_FXP_VERSION hello with version	458	This extension is advertised in the SSH_FXP_VERSION hello with version
455	"1".	459	"1".
456		460
457	$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $	461	$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $