History log of /openssh-portable/PROTOCOL.agent (Results 1 - 25 of 26)
Revision tags: V_7_6_P1
# d63b3816 30-Sep-2017 Damien Miller

update URL again

I spotted a typo in the draft so uploaded a new version...


# 4e4e0bb2 30-Sep-2017 Damien Miller

update agent draft URL


# 77322480 19-May-2017 djm@openbsd.org

upstream commit

Now that we no longer support SSHv1, replace the contents
of this file with a pointer to
https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited,
doesn't need to document stuff we no longer implement and does document stuff
that we do implement (RSA SHA256/512 signature flags)

Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e



Revision tags: V_7_5_P1, V_7_4_P1, V_7_3_P1
# 531c1354 19-May-2016 djm@openbsd.org

upstream commit

fix type of ed25519 values

Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0


# 910e59bb 04-May-2016 djm@openbsd.org

upstream commit

fix junk characters after quotes

Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578


# b466f956 03-May-2016 djm@openbsd.org

upstream commit

add ed25519 keys that are supported but missing from this
document; from Peter Moody

Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b


Revision tags: V_7_2_P2, V_7_2_P1, V_7_1_P2, V_7_1_P1, V_7_0_P1, V_6_9_P1
# 4e636cf2 07-May-2015 djm@openbsd.org

upstream commit

whitespace at EOL


Revision tags: V_6_8_P1, V_6_7_P1, V_6_6_P1, V_6_5_P1, V_6_4_P1, V_6_3_P1, V_6_2_P2, V_6_2_P1
# 697485d5 08-Jan-2013 Damien Miller

- djm@cvs.openbsd.org 2013/01/02 00:33:49
[PROTOCOL.agent]
correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
bz#2051 from david AT lechnology.com


Revision tags: V_6_1_P1, V_6_0_P1, V_5_9_P1, V_5_8_P2, V_5_8_P1, V_5_7_P1
# eb8b60e3 31-Aug-2010 Damien Miller

- djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
[authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
[monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
[ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
[ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
[ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
[uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
better performance than plain DH and DSA at the same equivalent symmetric
key length, as well as much shorter keys.

Only the mandatory sections of RFC5656 are implemented, specifically the
three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
ECDSA. Point compression (optional in RFC5656) is NOT implemented.

Certificate host and user keys using the new ECDSA key types are supported.

Note that this code has not been tested for interoperability and may be
subject to change.

feedback and ok markus@



Revision tags: V_5_6_P1, V_5_5_P1, V_5_4_P1
# 0a80ca19 26-Feb-2010 Damien Miller

- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/02/26 20:29:54
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
[auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
[hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
[myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
[ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
[sshconnect2.c sshd.8 sshd.c sshd_config.5]
Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much
simpler format that encodes a public key, identity information and
some validity constraints and signs it with a CA key. CA keys are
regular SSH keys. This certificate style avoids the attack surface
of X.509 certificates and is very easy to deploy.

Certified host keys allow automatic acceptance of new host keys
when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
See VERIFYING HOST KEYS in ssh(1) for details.

Certified user keys allow authentication of users when the signing
CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
FILE FORMAT" in sshd(8) for details.

Certificates are minted using ssh-keygen(1), documentation is in
the "CERTIFICATES" section of that manpage.

Documentation on the format of certificates is in the file
PROTOCOL.certkeys

feedback and ok markus@



Revision tags: V_5_3_P1, V_5_2_P1, V_5_1_P1
# f2e21dec 02-Jul-2008 Darren Tucker

- stevesk@cvs.openbsd.org 2008/07/01 23:12:47
[PROTOCOL.agent]
fix some typos; ok djm@


# 00f00f04 02-Jul-2008 Darren Tucker

- djm@cvs.openbsd.org 2008/06/30 08:05:59
[PROTOCOL.agent]
typo: s/constraint_date/constraint_data/


# 1e18beb1 29-Jun-2008 Damien Miller

- djm@cvs.openbsd.org 2008/06/28 14:08:30
[PROTOCOL PROTOCOL.agent]
document the protocol used by ssh-agent; "looks ok" markus@

