To: "Wesley Griffin" <wgriffin@tislabs.com>, <dnssec@cafax.se>
From: "Scott Rose" <scottr@antd.nist.gov>
Date: Fri, 6 Jul 2001 16:46:50 -0400
Delivery-Date: Sun Jul 8 21:39:23 2001
Sender: owner-dnssec@cafax.se
Subject: Re: SSH keys in DNS
I would suggest against adding another field to the KEY record just to benefit a few protocols (version field). Assigning two separate protocol values would be somewhat better, but the idea of using a SRV-like naming scheme for KEY RRs sounds like a better path. That way there would be a distinct name for each KEY record: _ssh1.example.com and _ssh2.example.com. In my opinion - cleaner and easier for the code to implement (assuming standard protocol values). The protocol field in these cases is still open to definition, but some in the WG like the idea of defining a default constant (to stand for "uses _protocol.name" convention).

> So I've been working on modifying the OpenSSH client to look up host keys
> via DNS and I've run into an issue with the KEY record and
> protocol/algorithm octets.
>
> SSH has 2 protocols: version 1 and version 2. The v1 protocol uses RSA
> for host keys, and the v2 protocol uses both DSA and RSA for host keys.
> I don't know how other clients work, but the OpenSSH client uses a
> different RSA key for the v1 key and v2 key.
>
> Initially I wrote the secsh-dns-key-format-00 draft to request only a
> single protocol value from IANA for the DNS KEY record. The problem is
> that when a v1 RSA key and v2 RSA key are both put in DNS, the protocol
> distinction is lost.
>
> I thought that perhaps the way to proceed would be to request 2 protocol
> values from IANA: an SSHv1 protocol value and SSHv2 protocol value. But
> I'm wondering if since it is still the SSH protocol, just a different
> version, whether this is the appropriate method.
>
> Should there be a protocol version octet in the DNS KEY record?
> I don't know what the best approach is, but would like to know what others
> think.
>
> --
> Wesley Griffin NAI Labs
> wgriffin at tislabs.com 443.259.2388
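The ambiguity Wesley describes and the owner-name convention Scott prefers can both be shown concretely. The following is an added example written for this archive page; it is not code from the thread, from OpenSSH, or from the secsh-dns-key-format draft. It encodes and decodes KEY RDATA in the RFC 2535 layout (2-octet flags, 1-octet protocol, 1-octet algorithm, public key) and then resolves host keys from two constructed zone layouts: one with every key under the bare host name and a single SSH protocol value, and one using `_ssh1.`/`_ssh2.` owner names. No IANA protocol value for SSH existed when this was written, so `PROTO_SSH_PLACEHOLDER` is an assumed stand-in, and the key blobs are constructed placeholders rather than real public keys.

```python
"""Added example (not from the thread): RFC 2535 KEY RDATA encode/decode and
host-key selection under two zone layouts for SSH v1/v2 RSA host keys."""
import struct

# Algorithm octet values from RFC 2535 / RFC 3110.
ALG_RSAMD5 = 1
ALG_DSA = 3
ALG_RSASHA1 = 5

# Protocol octet values registered by RFC 2535: 1=TLS, 2=email, 3=DNSSEC,
# 4=IPSEC, 255=any. SSH had no assigned value at the time of this thread, so
# the value below is a hypothetical placeholder used only for illustration.
PROTO_SSH_PLACEHOLDER = 250

# RFC 2535 flags: NAMTYP bits 6-7 (from the MSB) = 10 means "host or other
# end entity", which is 0x0200 in the 16-bit flags field.
FLAGS_HOST = 0x0200


def encode_key_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """Pack KEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
    if not (0 <= flags <= 0xFFFF and 0 <= protocol <= 0xFF and 0 <= algorithm <= 0xFF):
        raise ValueError("field out of range")
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def decode_key_rdata(rdata: bytes) -> dict:
    """Unpack KEY RDATA, rejecting records too short to hold the fixed header."""
    if len(rdata) < 4:
        raise ValueError("KEY RDATA needs at least 4 octets")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    return {"flags": flags, "protocol": protocol, "algorithm": algorithm, "pubkey": rdata[4:]}


def select_host_keys(zone: dict, owner: str, protocol: int, algorithm: int) -> list:
    """Return the public keys at `owner` whose protocol and algorithm octets match.

    This mirrors the only filtering a KEY-based client can do: by owner name
    and by the two octets in the RDATA header. Nothing in the RDATA says
    whether an RSA key is an SSH v1 or an SSH v2 host key.
    """
    keys = []
    for rdata in zone.get(owner, []):
        rec = decode_key_rdata(rdata)
        if rec["protocol"] == protocol and rec["algorithm"] == algorithm:
            keys.append(rec["pubkey"])
    return keys


# Constructed placeholder key material (not real keys).
V1_RSA = b"constructed-v1-rsa-host-key"
V2_RSA = b"constructed-v2-rsa-host-key"
V2_DSA = b"constructed-v2-dsa-host-key"

# Layout 1: one protocol value, every key under the bare host name.
FLAT_ZONE = {
    "host.example.com": [
        encode_key_rdata(FLAGS_HOST, PROTO_SSH_PLACEHOLDER, ALG_RSASHA1, V1_RSA),
        encode_key_rdata(FLAGS_HOST, PROTO_SSH_PLACEHOLDER, ALG_RSASHA1, V2_RSA),
        encode_key_rdata(FLAGS_HOST, PROTO_SSH_PLACEHOLDER, ALG_DSA, V2_DSA),
    ]
}

# Layout 2: SRV-like owner names carry the SSH protocol version.
NAMED_ZONE = {
    "_ssh1.host.example.com": [
        encode_key_rdata(FLAGS_HOST, PROTO_SSH_PLACEHOLDER, ALG_RSASHA1, V1_RSA),
    ],
    "_ssh2.host.example.com": [
        encode_key_rdata(FLAGS_HOST, PROTO_SSH_PLACEHOLDER, ALG_RSASHA1, V2_RSA),
        encode_key_rdata(FLAGS_HOST, PROTO_SSH_PLACEHOLDER, ALG_DSA, V2_DSA),
    ],
}


def flat_rsa_candidates() -> list:
    """Flat layout: both RSA keys match, so the client cannot tell v1 from v2."""
    return select_host_keys(FLAT_ZONE, "host.example.com", PROTO_SSH_PLACEHOLDER, ALG_RSASHA1)


def named_rsa_candidates(version: int) -> list:
    """Named layout: the owner name selects exactly the key for that SSH version."""
    owner = f"_ssh{version}.host.example.com"
    return select_host_keys(NAMED_ZONE, owner, PROTO_SSH_PLACEHOLDER, ALG_RSASHA1)


if __name__ == "__main__":
    print("flat layout RSA candidates:", flat_rsa_candidates())
    print("_ssh1 RSA candidates:", named_rsa_candidates(1))
    print("_ssh2 RSA candidates:", named_rsa_candidates(2))
```

With the flat layout the client receives two RSA candidates and has to try both (or guess), which is the lost distinction Wesley raises; with the `_ssh1.`/`_ssh2.` names each lookup returns exactly one RSA key without any change to the KEY RDATA format. The same selection code handles both layouts, which is the "easier for the code to implement" point in Scott's reply.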