RFC 4256, "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)", January 2006Source of RFC: secsh (sec)
Errata ID: 758
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2006-03-18
Rejected by: Pasi Eronen
Date Rejected: 2009-02-16
Section 3.2 says:
"Information Requests", on page 5, RFC 4256 says: The language tag is deprecated and SHOULD be the empty string. It may be removed in a future revision of this specification. Instead, the server SHOULD select the language used based on the tags communicated during key exchange [SSH-TRANS]. If the language tag is not the empty string, the server SHOULD use the specified language for any messages sent to the client as part of this protocol. The language tag SHOULD NOT be used for language selection for messages outside of this protocol. If the server does not support the requested language, the language to be used is implementation-dependent.
It should say:
[Replace by errata ID 1678]
(These two paragraphs apparently have been copied from Section 3.1
This specification makes no sense here:
The Information Request is sent from the *server* to the client,
and it already contains strings that *do* make use of a particular
The one and only useful interpretation of the 'language tag'
in the Information Request message is that it specifies the
language/locale used for building the 'instruction' and 'prompt'
strings in the request.
This parallels the use of the language tag, e.g., in the
Disconnection Message of the SSH Transport Layer Protocol
(cf. RFC 4253, Sect. 11.1).
NOTE: The client might have announced a locale *list* in the
initial exchange, and the server should choose from that list;
the actual choice [for a particular message with text strings]
needs to be communicated to the client.
NOTE: In multi-stage authentication, the backend authentication
mechanisms will be the source of all these strings, and the SSH
server might have no choice than to just report the locale used
by each backend mechanism to the client; such mechanisms easily
could make use of different locales - hence the locale needs to
be announced per message from the server in this context!
NOTE: RFC 4253 recommends to send empty language tags fields in
the initial exchange; this makes the 'language tag' field in all
SSH protocol messages containing text to be presented to the user
*very* desirable !
Therefore, the 'language tag' should also better *not* be deprecated
in the SSH_MSG_USERAUTH_INFO_REQUEST message!
[Replaced by errata ID 1678]