1 files changed, 69 insertions, 37 deletions
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 1ed9e2064..1d1be13da 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -16,7 +16,7 @@ These protocol extensions build on the simple public key authentication
 system already in SSH to allow certificate-based authentication.
 The certificates used are not traditional X.509 certificates, with
 numerous options and complex encoding rules, but something rather
-more minimal: a key, some identity information and usage constraints
+more minimal: a key, some identity information and usage options
 that have been signed with some other trusted key.
 A sshd server may be configured to allow authentication via certified
@@ -27,7 +27,7 @@ of acceptance of certified host keys, by adding a similar ability
 to specify CA keys in ~/.ssh/known_hosts.
 Certified keys are represented using two new key types:
-ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com that
+ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com that
 include certification information along with the public key that is used
 to sign challenges. ssh-keygen performs the CA signing operation.
@@ -47,7 +47,7 @@ in RFC4252 section 7.
 New public key formats
 ----------------------
-The ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com key
+The ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com key
 types take a similar high-level format (note: data types and
 encoding are as per RFC4251 section 5). The serialised wire encoding of
 these certificates is also used for storing them on disk.
@@ -57,42 +57,55 @@ these certificates is also used for storing them on disk.
 RSA certificate
-    string    "ssh-rsa-cert-v00@openssh.com"
+    string    "ssh-rsa-cert-v01@openssh.com"
+    string    nonce
    mpint     e
    mpint     n
+    uint64    serial
    uint32    type
    string    key id
    string    valid principals
    uint64    valid after
    uint64    valid before
-    string    constraints
+    string    critical options
-    string    nonce
+    string    extensions
    string    reserved
    string    signature key
    string    signature
 DSA certificate
-    string    "ssh-dss-cert-v00@openssh.com"
+    string    "ssh-dss-cert-v01@openssh.com"
+    string    nonce
    mpint     p
    mpint     q
    mpint     g
    mpint     y
+    uint64    serial
    uint32    type
    string    key id
    string    valid principals
    uint64    valid after
    uint64    valid before
-    string    constraints
+    string    critical options
-    string    nonce
+    string    extensions
    string    reserved
    string    signature key
    string    signature
+The nonce field is a CA-provided random bitstring of arbitrary length
+(but typically 16 or 32 bytes) included to make attacks that depend on
+inducing collisions in the signature hash infeasible.
 e and n are the RSA exponent and public modulus respectively.
 p, q, g, y are the DSA parameters as described in FIPS-186-2.
+serial is an optional certificate serial number set by the CA to
+provide an abbreviated way to refer to certificates from that CA.
+If a CA does not wish to number its certificates it must set this
+field to zero.
 type specifies whether this certificate is for identification of a user
 or a host using a SSH_CERT_TYPE_... value.
@@ -112,13 +125,15 @@ certificate. Each represents a time in seconds since 1970-01-01
 00:00:00. A certificate is considered valid if:
         valid after <= current time < valid before
-constraints is a set of zero or more key constraints encoded as below.
+criticial options is a set of zero or more key options encoded as
+below. All such options are "critical" in the sense that an implementation
+must refuse to authorise a key that has an unrecognised option.
-The nonce field is a CA-provided random bitstring of arbitrary length
+extensions is a set of zero or more optional extensions. These extensions
-(but typically 16 or 32 bytes) included to make attacks that depend on
+are not critical, and an implementation that encounters one that it does
-inducing collisions in the signature hash infeasible.
+not recognise may safely ignore it.
-The reserved field is current unused and is ignored in this version of
+The reserved field is currently unused and is ignored in this version of
 the protocol.
 signature key contains the CA key used to sign the certificate.
@@ -132,22 +147,25 @@ up to, and including the signature key. Signatures are computed and
 encoded according to the rules defined for the CA's public key algorithm
 (RFC4253 section 6.6 for ssh-rsa and ssh-dss).
-Constraints
+Critical options
-----------
+----------------
-The constraints section of the certificate specifies zero or more
+The critical options section of the certificate specifies zero or more
-constraints on the certificates validity. The format of this field
+options on the certificates validity. The format of this field
 is a sequence of zero or more tuples:
    string       name
    string       data
-The name field identifies the constraint and the data field encodes
+Options must be lexically ordered by "name" if they appear in the
-constraint-specific information (see below). All constraints are
+sequence.
-"critical", if an implementation does not recognise a constraint
+The name field identifies the option and the data field encodes
+option-specific information (see below). All options are
+"critical", if an implementation does not recognise a option
 then the validating party should refuse to accept the certificate.
-The supported constraints and the contents and structure of their
+The supported options and the contents and structure of their
 data fields are:
 Name                    Format        Description
@@ -157,37 +175,51 @@ force-command           string        Specifies a command that is executed
                                      ssh command-line) whenever this key is
                                      used for authentication.
+source-address          string        Comma-separated list of source addresses
+                                      from which this certificate is accepted
+                                      for authentication. Addresses are
+                                      specified in CIDR format (nn.nn.nn.nn/nn
+                                      or hhhh::hhhh/nn).
+                                      If this option is not present then
+                                      certificates may be presented from any
+                                      source address.
+Extensions
+----------
+The extensions section of the certificate specifies zero or more
+non-critical certificate extensions. The encoding and ordering of
+extensions in this field is identical to that of the critical options.
+If an implementation does not recognise an extension, then it should
+ignore it.
+The supported extensions and the contents and structure of their data
+fields are:
+Name                    Format        Description
+-----------------------------------------------------------------------------
 permit-X11-forwarding   empty         Flag indicating that X11 forwarding
                                      should be permitted. X11 forwarding will
-                                      be refused if this constraint is absent.
+                                      be refused if this option is absent.
 permit-agent-forwarding empty         Flag indicating that agent forwarding
                                      should be allowed. Agent forwarding
                                      must not be permitted unless this
-                                      constraint is present.
+                                      option is present.
 permit-port-forwarding  empty         Flag indicating that port-forwarding
-                                      should be allowed. If this constraint is
+                                      should be allowed. If this option is
                                      not present then no port forwarding will
                                      be allowed.
 permit-pty              empty         Flag indicating that PTY allocation
                                      should be permitted. In the absence of
-                                      this constraint PTY allocation will be
+                                      this option PTY allocation will be
                                      disabled.
 permit-user-rc          empty         Flag indicating that execution of
                                      ~/.ssh/rc should be permitted. Execution
                                      of this script will not be permitted if
-                                      this constraint is not present.
+                                      this option is not present.
-source-address          string        Comma-separated list of source addresses
-                                      from which this certificate is accepted
-                                      for authentication. Addresses are
-                                      specified in CIDR format (nn.nn.nn.nn/nn
-                                      or hhhh::hhhh/nn).
-                                      If this constraint is not present then
-                                      certificates may be presented from any
-                                      source address.
-$OpenBSD: PROTOCOL.certkeys,v 1.3 2010/03/03 22:50:40 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.7 2010/08/04 05:40:39 djm Exp $

diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 1ed9e2064..1d1be13da 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys
@@ -16,7 +16,7 @@ These protocol extensions build on the simple public key authentication
16	system already in SSH to allow certificate-based authentication.	16	system already in SSH to allow certificate-based authentication.
17	The certificates used are not traditional X.509 certificates, with	17	The certificates used are not traditional X.509 certificates, with
18	numerous options and complex encoding rules, but something rather	18	numerous options and complex encoding rules, but something rather
19	more minimal: a key, some identity information and usage constraints	19	more minimal: a key, some identity information and usage options
20	that have been signed with some other trusted key.	20	that have been signed with some other trusted key.
21		21
22	A sshd server may be configured to allow authentication via certified	22	A sshd server may be configured to allow authentication via certified
@@ -27,7 +27,7 @@ of acceptance of certified host keys, by adding a similar ability
27	to specify CA keys in ~/.ssh/known_hosts.	27	to specify CA keys in ~/.ssh/known_hosts.
28		28
29	Certified keys are represented using two new key types:	29	Certified keys are represented using two new key types:
30	ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com that	30	ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com that
31	include certification information along with the public key that is used	31	include certification information along with the public key that is used
32	to sign challenges. ssh-keygen performs the CA signing operation.	32	to sign challenges. ssh-keygen performs the CA signing operation.
33		33
@@ -47,7 +47,7 @@ in RFC4252 section 7.
47	New public key formats	47	New public key formats
48	----------------------	48	----------------------
49		49
50	The ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com key	50	The ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com key
51	types take a similar high-level format (note: data types and	51	types take a similar high-level format (note: data types and
52	encoding are as per RFC4251 section 5). The serialised wire encoding of	52	encoding are as per RFC4251 section 5). The serialised wire encoding of
53	these certificates is also used for storing them on disk.	53	these certificates is also used for storing them on disk.
@@ -57,42 +57,55 @@ these certificates is also used for storing them on disk.
57		57
58	RSA certificate	58	RSA certificate
59		59
60	string "ssh-rsa-cert-v00@openssh.com"	60	string "ssh-rsa-cert-v01@openssh.com"
		61	string nonce
61	mpint e	62	mpint e
62	mpint n	63	mpint n
		64	uint64 serial
63	uint32 type	65	uint32 type
64	string key id	66	string key id
65	string valid principals	67	string valid principals
66	uint64 valid after	68	uint64 valid after
67	uint64 valid before	69	uint64 valid before
68	string constraints	70	string critical options
69	string nonce	71	string extensions
70	string reserved	72	string reserved
71	string signature key	73	string signature key
72	string signature	74	string signature
73		75
74	DSA certificate	76	DSA certificate
75		77
76	string "ssh-dss-cert-v00@openssh.com"	78	string "ssh-dss-cert-v01@openssh.com"
		79	string nonce
77	mpint p	80	mpint p
78	mpint q	81	mpint q
79	mpint g	82	mpint g
80	mpint y	83	mpint y
		84	uint64 serial
81	uint32 type	85	uint32 type
82	string key id	86	string key id
83	string valid principals	87	string valid principals
84	uint64 valid after	88	uint64 valid after
85	uint64 valid before	89	uint64 valid before
86	string constraints	90	string critical options
87	string nonce	91	string extensions
88	string reserved	92	string reserved
89	string signature key	93	string signature key
90	string signature	94	string signature
91		95
		96	The nonce field is a CA-provided random bitstring of arbitrary length
		97	(but typically 16 or 32 bytes) included to make attacks that depend on
		98	inducing collisions in the signature hash infeasible.
		99
92	e and n are the RSA exponent and public modulus respectively.	100	e and n are the RSA exponent and public modulus respectively.
93		101
94	p, q, g, y are the DSA parameters as described in FIPS-186-2.	102	p, q, g, y are the DSA parameters as described in FIPS-186-2.
95		103
		104	serial is an optional certificate serial number set by the CA to
		105	provide an abbreviated way to refer to certificates from that CA.
		106	If a CA does not wish to number its certificates it must set this
		107	field to zero.
		108
96	type specifies whether this certificate is for identification of a user	109	type specifies whether this certificate is for identification of a user
97	or a host using a SSH_CERT_TYPE_... value.	110	or a host using a SSH_CERT_TYPE_... value.
98		111
@@ -112,13 +125,15 @@ certificate. Each represents a time in seconds since 1970-01-01
112	00:00:00. A certificate is considered valid if:	125	00:00:00. A certificate is considered valid if:
113	valid after <= current time < valid before	126	valid after <= current time < valid before
114		127
115	constraints is a set of zero or more key constraints encoded as below.	128	criticial options is a set of zero or more key options encoded as
		129	below. All such options are "critical" in the sense that an implementation
		130	must refuse to authorise a key that has an unrecognised option.
116		131
117	The nonce field is a CA-provided random bitstring of arbitrary length	132	extensions is a set of zero or more optional extensions. These extensions
118	(but typically 16 or 32 bytes) included to make attacks that depend on	133	are not critical, and an implementation that encounters one that it does
119	inducing collisions in the signature hash infeasible.	134	not recognise may safely ignore it.
120		135
121	The reserved field is current unused and is ignored in this version of	136	The reserved field is currently unused and is ignored in this version of
122	the protocol.	137	the protocol.
123		138
124	signature key contains the CA key used to sign the certificate.	139	signature key contains the CA key used to sign the certificate.
@@ -132,22 +147,25 @@ up to, and including the signature key. Signatures are computed and
132	encoded according to the rules defined for the CA's public key algorithm	147	encoded according to the rules defined for the CA's public key algorithm
133	(RFC4253 section 6.6 for ssh-rsa and ssh-dss).	148	(RFC4253 section 6.6 for ssh-rsa and ssh-dss).
134		149
135	Constraints	150	Critical options
136	-----------	151	----------------
137		152
138	The constraints section of the certificate specifies zero or more	153	The critical options section of the certificate specifies zero or more
139	constraints on the certificates validity. The format of this field	154	options on the certificates validity. The format of this field
140	is a sequence of zero or more tuples:	155	is a sequence of zero or more tuples:
141		156
142	string name	157	string name
143	string data	158	string data
144		159
145	The name field identifies the constraint and the data field encodes	160	Options must be lexically ordered by "name" if they appear in the
146	constraint-specific information (see below). All constraints are	161	sequence.
147	"critical", if an implementation does not recognise a constraint	162
		163	The name field identifies the option and the data field encodes
		164	option-specific information (see below). All options are
		165	"critical", if an implementation does not recognise a option
148	then the validating party should refuse to accept the certificate.	166	then the validating party should refuse to accept the certificate.
149		167
150	The supported constraints and the contents and structure of their	168	The supported options and the contents and structure of their
151	data fields are:	169	data fields are:
152		170
153	Name Format Description	171	Name Format Description
@@ -157,37 +175,51 @@ force-command string Specifies a command that is executed
157	ssh command-line) whenever this key is	175	ssh command-line) whenever this key is
158	used for authentication.	176	used for authentication.
159		177
		178	source-address string Comma-separated list of source addresses
		179	from which this certificate is accepted
		180	for authentication. Addresses are
		181	specified in CIDR format (nn.nn.nn.nn/nn
		182	or hhhh::hhhh/nn).
		183	If this option is not present then
		184	certificates may be presented from any
		185	source address.
		186
		187	Extensions
		188	----------
		189
		190	The extensions section of the certificate specifies zero or more
		191	non-critical certificate extensions. The encoding and ordering of
		192	extensions in this field is identical to that of the critical options.
		193	If an implementation does not recognise an extension, then it should
		194	ignore it.
		195
		196	The supported extensions and the contents and structure of their data
		197	fields are:
		198
		199	Name Format Description
		200	-----------------------------------------------------------------------------
160	permit-X11-forwarding empty Flag indicating that X11 forwarding	201	permit-X11-forwarding empty Flag indicating that X11 forwarding
161	should be permitted. X11 forwarding will	202	should be permitted. X11 forwarding will
162	be refused if this constraint is absent.	203	be refused if this option is absent.
163		204
164	permit-agent-forwarding empty Flag indicating that agent forwarding	205	permit-agent-forwarding empty Flag indicating that agent forwarding
165	should be allowed. Agent forwarding	206	should be allowed. Agent forwarding
166	must not be permitted unless this	207	must not be permitted unless this
167	constraint is present.	208	option is present.
168		209
169	permit-port-forwarding empty Flag indicating that port-forwarding	210	permit-port-forwarding empty Flag indicating that port-forwarding
170	should be allowed. If this constraint is	211	should be allowed. If this option is
171	not present then no port forwarding will	212	not present then no port forwarding will
172	be allowed.	213	be allowed.
173		214
174	permit-pty empty Flag indicating that PTY allocation	215	permit-pty empty Flag indicating that PTY allocation
175	should be permitted. In the absence of	216	should be permitted. In the absence of
176	this constraint PTY allocation will be	217	this option PTY allocation will be
177	disabled.	218	disabled.
178		219
179	permit-user-rc empty Flag indicating that execution of	220	permit-user-rc empty Flag indicating that execution of
180	~/.ssh/rc should be permitted. Execution	221	~/.ssh/rc should be permitted. Execution
181	of this script will not be permitted if	222	of this script will not be permitted if
182	this constraint is not present.	223	this option is not present.
183
184	source-address string Comma-separated list of source addresses
185	from which this certificate is accepted
186	for authentication. Addresses are
187	specified in CIDR format (nn.nn.nn.nn/nn
188	or hhhh::hhhh/nn).
189	If this constraint is not present then
190	certificates may be presented from any
191	source address.
192		224
193	$OpenBSD: PROTOCOL.certkeys,v 1.3 2010/03/03 22:50:40 djm Exp $	225	$OpenBSD: PROTOCOL.certkeys,v 1.7 2010/08/04 05:40:39 djm Exp $