1 files changed, 39 insertions, 14 deletions
diff --git a/PROTOCOL b/PROTOCOL
index 8150c577b..f9560839e 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -40,8 +40,8 @@ http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
     "ecdsa-sha2-nistp521-cert-v01@openssh.com"
 OpenSSH introduces new public key algorithms to support certificate
-authentication for users and hostkeys. These methods are documented in
+authentication for users and host keys. These methods are documented
-the file PROTOCOL.certkeys
+in the file PROTOCOL.certkeys
 1.4. transport: Elliptic Curve cryptography
@@ -283,26 +283,51 @@ by the client cancel the forwarding of a Unix domain socket.
        string          socket path
 2.5. connection: hostkey update and rotation "hostkeys@openssh.com"
+and "hostkeys-prove@openssh.com"
 OpenSSH supports a protocol extension allowing a server to inform
-a client of all its protocol v.2 hostkeys after user-authentication
+a client of all its protocol v.2 host keys after user-authentication
 has completed.
        byte            SSH_MSG_GLOBAL_REQUEST
        string          "hostkeys@openssh.com"
        string[]        hostkeys
-Upon receiving this message, a client may update its known_hosts
+Upon receiving this message, a client should check which of the
-file, adding keys that it has not seen before and deleting keys
+supplied host keys are present in known_hosts. For keys that are
-for the server host that are no longer offered.
+not present, it should send a "hostkeys-prove@openssh.com" message
+to request the server prove ownership of the private half of the
+key.
-This extension allows a client to learn key types that it had
+        byte            SSH_MSG_GLOBAL_REQUEST
-not previously encountered, thereby allowing it to potentially
+        string          "hostkeys-prove@openssh.com"
-upgrade from weaker key algorithms to better ones. It also
+        char            1 /* want-reply */
-supports graceful key rotation: a server may offer multiple keys
+        string[]        hostkeys
-of the same type for a period (to give clients an opportunity to
-learn them using this extension) before removing the deprecated
+When a server receives this message, it should generate a signature
-key from those offered.
+using each requested key over the following:
+        string          session identifier
+        string          "hostkeys-prove@openssh.com"
+        string          hostkey
+These signatures should be included in the reply, in the order matching
+the hostkeys in the request:
+        byte            SSH_MSG_REQUEST_SUCCESS
+        string[]        signatures
+When the client receives this reply (and not a failure), it should
+validate the signatures and may update its known_hosts file, adding keys
+that it has not seen before and deleting keys for the server host that
+are no longer offered.
+These extensions let a client learn key types that it had not previously
+encountered, thereby allowing it to potentially upgrade from weaker
+key algorithms to better ones. It also supports graceful key rotation:
+a server may offer multiple keys of the same type for a period (to
+give clients an opportunity to learn them using this extension) before
+removing the deprecated key from those offered.
 3. SFTP protocol changes
@@ -428,4 +453,4 @@ respond with a SSH_FXP_STATUS message.
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
-$OpenBSD: PROTOCOL,v 1.25 2015/01/26 03:04:45 djm Exp $
+$OpenBSD: PROTOCOL,v 1.26 2015/02/16 22:13:32 djm Exp $

diff --git a/PROTOCOL b/PROTOCOL index 8150c577b..f9560839e 100644 --- a/PROTOCOL +++ b/PROTOCOL
@@ -40,8 +40,8 @@ http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
40	"ecdsa-sha2-nistp521-cert-v01@openssh.com"	40	"ecdsa-sha2-nistp521-cert-v01@openssh.com"
41		41
42	OpenSSH introduces new public key algorithms to support certificate	42	OpenSSH introduces new public key algorithms to support certificate
43	authentication for users and hostkeys. These methods are documented in	43	authentication for users and host keys. These methods are documented
44	the file PROTOCOL.certkeys	44	in the file PROTOCOL.certkeys
45		45
46	1.4. transport: Elliptic Curve cryptography	46	1.4. transport: Elliptic Curve cryptography
47		47
@@ -283,26 +283,51 @@ by the client cancel the forwarding of a Unix domain socket.
283	string socket path	283	string socket path
284		284
285	2.5. connection: hostkey update and rotation "hostkeys@openssh.com"	285	2.5. connection: hostkey update and rotation "hostkeys@openssh.com"
		286	and "hostkeys-prove@openssh.com"
286		287
287	OpenSSH supports a protocol extension allowing a server to inform	288	OpenSSH supports a protocol extension allowing a server to inform
288	a client of all its protocol v.2 hostkeys after user-authentication	289	a client of all its protocol v.2 host keys after user-authentication
289	has completed.	290	has completed.
290		291
291	byte SSH_MSG_GLOBAL_REQUEST	292	byte SSH_MSG_GLOBAL_REQUEST
292	string "hostkeys@openssh.com"	293	string "hostkeys@openssh.com"
293	string[] hostkeys	294	string[] hostkeys
294		295
295	Upon receiving this message, a client may update its known_hosts	296	Upon receiving this message, a client should check which of the
296	file, adding keys that it has not seen before and deleting keys	297	supplied host keys are present in known_hosts. For keys that are
297	for the server host that are no longer offered.	298	not present, it should send a "hostkeys-prove@openssh.com" message
		299	to request the server prove ownership of the private half of the
		300	key.
298		301
299	This extension allows a client to learn key types that it had	302	byte SSH_MSG_GLOBAL_REQUEST
300	not previously encountered, thereby allowing it to potentially	303	string "hostkeys-prove@openssh.com"
301	upgrade from weaker key algorithms to better ones. It also	304	char 1 /* want-reply */
302	supports graceful key rotation: a server may offer multiple keys	305	string[] hostkeys
303	of the same type for a period (to give clients an opportunity to	306
304	learn them using this extension) before removing the deprecated	307	When a server receives this message, it should generate a signature
305	key from those offered.	308	using each requested key over the following:
		309
		310	string session identifier
		311	string "hostkeys-prove@openssh.com"
		312	string hostkey
		313
		314	These signatures should be included in the reply, in the order matching
		315	the hostkeys in the request:
		316
		317	byte SSH_MSG_REQUEST_SUCCESS
		318	string[] signatures
		319
		320	When the client receives this reply (and not a failure), it should
		321	validate the signatures and may update its known_hosts file, adding keys
		322	that it has not seen before and deleting keys for the server host that
		323	are no longer offered.
		324
		325	These extensions let a client learn key types that it had not previously
		326	encountered, thereby allowing it to potentially upgrade from weaker
		327	key algorithms to better ones. It also supports graceful key rotation:
		328	a server may offer multiple keys of the same type for a period (to
		329	give clients an opportunity to learn them using this extension) before
		330	removing the deprecated key from those offered.
306		331
307	3. SFTP protocol changes	332	3. SFTP protocol changes
308		333
@@ -428,4 +453,4 @@ respond with a SSH_FXP_STATUS message.
428	This extension is advertised in the SSH_FXP_VERSION hello with version	453	This extension is advertised in the SSH_FXP_VERSION hello with version
429	"1".	454	"1".
430		455
431	$OpenBSD: PROTOCOL,v 1.25 2015/01/26 03:04:45 djm Exp $	456	$OpenBSD: PROTOCOL,v 1.26 2015/02/16 22:13:32 djm Exp $