Suggestion: Deprecate SSH certificates and move to X.509 certificates

I suggest deprecating proprietary SSH certificates and moving to X.509
certificates. The reasons why I suggest this change are: X.509
certificates are the standard on the web, SSH certificates provide no
way to revoke compromised certificates, and SSH certificates haven't
seen significant adoption. It's also a bad idea to roll your own
crypto, and an own certificate format seems like an example of this. I
request comments on this proposal, and suggest that X.509 certificates
should be supported even if SSH certificates will be left in, since
that will solve the problem of authenticating a previously unknown
server using the same mechanism most of the web is using.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


