RFC Errata


RFC 4255, "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints", January 2006

Source of RFC: secsh (sec)

Errata ID: 6621
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT

Reported By: Shane Kerr
Date Reported: 2021-06-25
Held for Document Update by: Benjamin Kaduk
Date Held: 2021-07-19

Section 3.2 says:

   The RDATA of the presentation format of the SSHFP resource record
   consists of two numbers (algorithm and fingerprint type) followed by
   the fingerprint itself, presented in hex, e.g.:

       host.example.  SSHFP 2 1 123456789abcdef67890123456789abcdef67890

   The use of mnemonics instead of numbers is not allowed.

It should say:

   The RDATA of the presentation format of the SSHFP resource record
   consists of two numbers (algorithm and fingerprint type) followed by
   the fingerprint itself, presented in hex, e.g.:

       host.example.  SSHFP 2 1 123456789abcdef67890123456789abcdef67890

   The use of mnemonics instead of numbers is not allowed. Whitespace is
   allowed within the hexadecimal text.

Notes:

Many (most?) other DNS RFCs, for example RFC 4034, explicitly mention that whitespace is allowed in such encoded fields, whether hex or base64. RFC 4255 does not address this, so it can be interpreted either way. For consistency and ease of implementation, I recommend allowing whitespace.

My proposed corrected text was copied verbatim from RFC 4034, and could possibly be edited to match the RFC 4255 text better, for example using "hex" instead of "hexadecimal text".
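
The following is an added example, not part of the erratum or of any RFC text: a parser for SSHFP presentation-format RDATA that implements both readings of Section 3.2, so a zone or a validation tool can be checked against the strict and the whitespace-tolerant interpretation. The function names, the `allow_whitespace` parameter and the sample records are assumptions made for illustration; the RDATA is assumed to be already extracted onto one logical line, and the length check covers only fingerprint type 1 (SHA-1, 20 octets) as defined in RFC 4255.

```python
import re

# Fingerprint length in octets per fingerprint type; RFC 4255 defines type 1 (SHA-1).
FP_LEN = {1: 20}

def parse_sshfp_rdata(rdata, allow_whitespace=True):
    """Return (algorithm, fp_type, fingerprint_bytes) or raise ValueError."""
    fields = rdata.split()
    if len(fields) < 3:
        raise ValueError("expected: <algorithm> <fp-type> <hex fingerprint>")
    numbers = []
    # Mnemonics are not allowed: both leading fields must be decimal numbers
    # that fit the one-octet wire fields.
    for name, value in (("algorithm", fields[0]), ("fingerprint type", fields[1])):
        if not re.fullmatch(r"[0-9]{1,3}", value) or int(value) > 255:
            raise ValueError(f"{name} must be a number 0-255, got {value!r}")
        numbers.append(int(value))
    hex_parts = fields[2:]
    # Original text: silent on whitespace. Corrected text: whitespace allowed.
    if len(hex_parts) > 1 and not allow_whitespace:
        raise ValueError("whitespace inside fingerprint (strict reading)")
    hex_text = "".join(hex_parts)
    if not re.fullmatch(r"[0-9A-Fa-f]+", hex_text) or len(hex_text) % 2:
        raise ValueError("fingerprint must be an even number of hex digits")
    fingerprint = bytes.fromhex(hex_text)
    expected = FP_LEN.get(numbers[1])
    if expected is not None and len(fingerprint) != expected:
        raise ValueError(f"type {numbers[1]} fingerprint must be {expected} octets")
    return numbers[0], numbers[1], fingerprint

def is_rejected(rdata, allow_whitespace=True):
    """True if the RDATA fails to parse under the chosen reading."""
    try:
        parse_sshfp_rdata(rdata, allow_whitespace)
        return False
    except ValueError:
        return True

# Constructed sample RDATA, based on the fingerprint in the RFC's example.
CONTIGUOUS = "2 1 123456789abcdef67890123456789abcdef67890"
SPLIT = "2 1 123456789abcdef67890 123456789abcdef67890"
MNEMONIC = "DSA SHA1 123456789abcdef67890123456789abcdef67890"

if __name__ == "__main__":
    for sample in (CONTIGUOUS, SPLIT, MNEMONIC):
        print(sample, "| strict rejects:", is_rejected(sample, False),
              "| tolerant rejects:", is_rejected(sample, True))
```

A record that parses under one reading and fails under the other is the interoperability gap the erratum describes: a client using the strict reading would treat the split form as malformed and fall back to whatever it does when no usable SSHFP record is found.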
