On Tue, Dec 06, 2011 at 06:52:41AM -0800, the IESG wrote:
The IESG has received a request from an individual submitter to consider
the following document:
- 'Use of SHA-256 Algorithm with RSA, DSA and ECDSA in SSHFP Resource
Records'
<draft-os-ietf-sshfp-ecdsa-sha2-04.txt> as a Proposed Standard
In section 5, the TOC is as follows:
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1. RSA public key . . . . . . . . . . . . . . . . . . . . . . 5
5.1.1. RSA public key with SHA1 fingerprint . . . . . . . . . 5
5.1.2. RSA public key with SHA256 fingerprint . . . . . . . . 5
5.2. DSA public key . . . . . . . . . . . . . . . . . . . . . . 6
5.2.1. DSA public key with SHA1 fingerprint . . . . . . . . . 6
5.2.2. DSA public key with SHA256 fingerprint . . . . . . . . 6
5.3. ECDSA public key . . . . . . . . . . . . . . . . . . . . . 6
5.3.1. ECDSA public key with SHA256 fingerprint . . . . . . . 7
However, the key provided for each is actually the private key.
Anyone who understands RFC 4255 or even just the basics of public key
cryptography is going to know that they should be hashing the public
key, but using the private keys in the examples is just asking for
confusion.
That said, converting the example private keys to public keys and
running it against a script I wrote a while back to generate SSHFP
records (with appropriate changes to add support for SHA-256 and ECDSA),
I was able to get matching SSHFP records with no changes to the
underlying algorithm.
Nits:
There's a typo in the IACR 2007/474 reference ("Di!erential") and some
of your reference titles have double-double-quotes (""blah"").
--
Scott Schmit
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf