upstream commit
correct some typos and remove a long-stale XXX note.
add specification for ed25519 certificates
mention no host certificate options/extensions are currently defined
pointed out by Simon Tatham
Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index c985910..aa6f5ae 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -100,9 +100,9 @@
ECDSA certificate
- string "ecdsa-sha2-nistp256@openssh.com" |
- "ecdsa-sha2-nistp384@openssh.com" |
- "ecdsa-sha2-nistp521@openssh.com"
+ string "ecdsa-sha2-nistp256-v01@openssh.com" |
+ "ecdsa-sha2-nistp384-v01@openssh.com" |
+ "ecdsa-sha2-nistp521-v01@openssh.com"
string nonce
string curve
string public_key
@@ -118,6 +118,23 @@
string signature key
string signature
+ED25519 certificate
+
+ string "ssh-ed25519-cert-v01@openssh.com"
+ string nonce
+ string pk
+ uint64 serial
+ uint32 type
+ string key id
+ string valid principals
+ uint64 valid after
+ uint64 valid before
+ string critical options
+ string extensions
+ string reserved
+ string signature key
+ string signature
+
The nonce field is a CA-provided random bitstring of arbitrary length
(but typically 16 or 32 bytes) included to make attacks that depend on
inducing collisions in the signature hash infeasible.
@@ -129,6 +146,9 @@
curve and public key are respectively the ECDSA "[identifier]" and "Q"
defined in section 3.1 of RFC5656.
+pk is the encoded Ed25519 public key as defined by
+draft-josefsson-eddsa-ed25519-03.
+
serial is an optional certificate serial number set by the CA to
provide an abbreviated way to refer to certificates from that CA.
If a CA does not wish to number its certificates it must set this
@@ -146,7 +166,7 @@
certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
zero-length "valid principals" field means the certificate is valid for
-any principal of the specified type. XXX DNS wildcards?
+any principal of the specified type.
"valid after" and "valid before" specify a validity period for the
certificate. Each represents a time in seconds since 1970-01-01
@@ -183,7 +203,7 @@
up to, and including the signature key. Signatures are computed and
encoded according to the rules defined for the CA's public key algorithm
(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
-types).
+types), and draft-josefsson-eddsa-ed25519-03 for Ed25519.
Critical options
----------------
@@ -203,8 +223,9 @@
"critical", if an implementation does not recognise a option
then the validating party should refuse to accept the certificate.
-The supported options and the contents and structure of their
-data fields are:
+No critical options are defined for host certificates at present. The
+supported user certificate options and the contents and structure of
+their data fields are:
Name Format Description
-----------------------------------------------------------------------------
@@ -233,8 +254,9 @@
If an implementation does not recognise an extension, then it should
ignore it.
-The supported extensions and the contents and structure of their data
-fields are:
+No extensions are defined for host certificates at present. The
+supported user certificate extensions and the contents and structure of
+their data fields are:
Name Format Description
-----------------------------------------------------------------------------
@@ -262,4 +284,4 @@
of this script will not be permitted if
this option is not present.
-$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.10 2016/05/03 10:27:59 djm Exp $