[Bug 2389] update the PROTOCOL.certkeys spec to avoid confusion regarding encoding of critical options fields

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Dec 7 03:02:58 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=2389

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Added this text:

The name field identifies the option. The data field contains
option-specific information encoded as zero or more values inside
the string. I.e. an empty data field would be encoded as a zero-
length string (00 00 00 00), and data field that holds a single
string value "a" would be encoded as (00 00 00 05 00 00 00 01 65).

All options are "critical"; if an implementation does not recognise
a option, then the validating party should refuse to accept the
certificate.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list