Re: Suggestion: Deprecate SSH certificates and move to X.509 certificates

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



That's not a very good source, since it's only available to one person.

On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot@xxxxxxxx> wrote:
> On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>> How can I revoke one SSH certificate without having to replace the
>> root certificate and all certificates signed by it?
>
> there is no chaining of ssh certificates.
>
>> Regarding the second statement, do you have sources?
>
> yes. my day job.
>
>> On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot@xxxxxxxx> wrote:
>>> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>>>
>>>> SSH certificates provide no
>>>> way to revoke compromised certificates,
>>>
>>> this isn't true
>>>
>>>> and SSH certificates haven't seen significant adoption,
>>>
>>> this also isn't true.
>>>
>>> enterprises love ssh certificates.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux