List: wireshark-bugs
Subject: [Wireshark-bugs] [Bug 3796] New: Support for SSHFP RR (RFC 4255)
From: bugzilla-daemon () wireshark ! org
Date: 2009-07-31 4:27:57
Message-ID: bug-3796-15 () https ! bugs ! wireshark ! org/bugzilla/
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3796
Summary: Support for SSHFP RR (RFC 4255)
Product: Wireshark
Version: 1.2.1
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@wireshark.org
ReportedBy: ivan_jr@yahoo.com
Ivan Sy <ivan_jr@yahoo.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3443|                            |review_for_checkin?
               Flag|                            |
Created an attachment (id=3443)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3443)
SSHFP support (RFC 4255)
Build Information:
wireshark 1.2.1
Copyright 1998-2009 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.7, without
c-ares, with ADNS, without Lua, with GnuTLS 2.6.4, with Gcrypt 1.4.4, without
Kerberos, with GeoIP, with PortAudio <= V18, without AirPcap.
Running on FreeBSD 7.2-RELEASE-p1, with libpcap version 1.0.0, GnuTLS 2.6.4,
Gcrypt 1.4.4.
Built using gcc 4.2.1 20070719 [FreeBSD].
--
Support for SSHFP RR (RFC 4255)
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
3.1. The SSHFP RDATA Format
The RDATA for a SSHFP RR consists of an algorithm number, fingerprint
type and the fingerprint of the public host key.
                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   algorithm   |    fp type    |                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               /
   /                                                               /
   /                          fingerprint                          /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.1.1. Algorithm Number Specification
This algorithm number octet describes the algorithm of the public
key. The following values are assigned:
   Value    Algorithm name
   -----    --------------
   0        reserved
   1        RSA
   2        DSS
Reserving other types requires IETF consensus [4].
3.1.2. Fingerprint Type Specification
The fingerprint type octet describes the message-digest algorithm
used to calculate the fingerprint of the public key. The following
values are assigned:
   Value    Fingerprint type
   -----    ----------------
   0        reserved
   1        SHA-1
Reserving other types requires IETF consensus [4].
For interoperability reasons, as few fingerprint types as possible
should be reserved. The only reason to reserve additional types is
to increase security.
3.1.3. Fingerprint
The fingerprint is calculated over the public key blob as described
in [7].
The message-digest algorithm is presumed to produce an opaque octet
string output, which is placed as-is in the RDATA fingerprint field.
.
.
.
5. IANA Considerations
IANA has allocated the RR type code 44 for SSHFP from the standard RR
type space.
IANA has opened a new registry for the SSHFP RR type for public key
algorithms. The defined types are:
0 is reserved
1 is RSA
2 is DSA
Adding new reservations requires IETF consensus [4].
IANA has opened a new registry for the SSHFP RR type for fingerprint
types. The defined types are:
0 is reserved
1 is SHA-1
Adding new reservations requires IETF consensus [4].
Please see attached patch and DNS packet capture.
Fuzz OK.
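Added example (not part of the original message or of the attached Wireshark patch): a bounds-checked C parser for the SSHFP RDATA layout quoted above, with the SHA-1 length check a dissector would want before trusting the fingerprint field. The type and function names and the sample bytes are constructed for illustration; the text rendering assumes the RFC 4255 presentation format of two decimal integers followed by the hex fingerprint.

```c
#include <stdint.h>
#include <stdio.h>

enum sshfp_status { SSHFP_OK, SSHFP_TRUNCATED, SSHFP_BAD_FP_LEN };
struct sshfp {
    uint8_t algorithm;   /* 0 reserved, 1 RSA, 2 DSS */
    uint8_t fp_type;     /* 0 reserved, 1 SHA-1 */
    const uint8_t *fp;   /* opaque digest, points into the caller's buffer */
    size_t fp_len;       /* octets remaining after the two header octets */
};

/* Constructed sample RDATA: algorithm 1, fp type 1, made-up 20-octet digest. */
static const uint8_t sample_rdata[22] = { 0x01, 0x01,
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x23, 0x45, 0x67 };

/* Parse len octets of RDATA (the RR's RDLENGTH) without reading past the end. */
enum sshfp_status sshfp_parse(const uint8_t *rd, size_t len, struct sshfp *out)
{
    if (rd == NULL || out == NULL || len < 2)
        return SSHFP_TRUNCATED;     /* both header octets are mandatory */
    out->algorithm = rd[0];
    out->fp_type = rd[1];
    out->fp = rd + 2;
    out->fp_len = len - 2;          /* fingerprint is the rest of the RDATA */
    if (out->fp_len == 0 || (out->fp_type == 1 && out->fp_len != 20))
        return SSHFP_BAD_FP_LEN;    /* a SHA-1 digest is exactly 20 octets */
    return SSHFP_OK;
}

/* Write "<algorithm> <fp type> <hex>"; 0 on success, -1 if dst is too small. */
int sshfp_to_text(const struct sshfp *r, char *dst, size_t dstlen)
{
    int n = snprintf(dst, dstlen, "%d %d ", r->algorithm, r->fp_type);
    if (n < 0 || (size_t)n + 2 * r->fp_len + 1 > dstlen)
        return -1;
    for (size_t i = 0; i < r->fp_len; i++)
        snprintf(dst + n + 2 * i, 3, "%02x", (unsigned)r->fp[i]);
    return 0;
}

int main(void)
{
    struct sshfp r;
    char text[64];
    if (sshfp_parse(sample_rdata, sizeof sample_rdata, &r) == SSHFP_OK &&
        sshfp_to_text(&r, text, sizeof text) == 0)
        puts(text);
    return 0;
}
```

Unassigned algorithm or fingerprint-type values are returned as raw numbers rather than rejected, so a caller can still display records that use later registry additions.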