Re: Suggestion: Deprecate SSH certificates and move to X.509 certificates


 



You're coming across as rather combative, demanding sources to support others' comments, when you yourself have provided no evidence to support your own claims. Perhaps you want to rethink your approach.

That said, I know of an enterprise with 50,000 employees worldwide who relies on OpenSSH certificates to securely authenticate across bastions into virtual private clouds. I'm pretty sure Peter doesn't work there, as I would know it. That makes two data points to support his statement.

-- 
jim knoble


> On May 24, 2018, at 21:26, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
> 
> That's not a very good source, since it's only available to one person.
> 
>> On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot@xxxxxxxx> wrote:
>>> On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>>> How can I revoke one SSH certificate without having to replace the
>>> root certificate and all certificates signed by it?
>> 
>> there is no chaining of ssh certificates.
>> 
>>> Regarding the second statement, do you have sources?
>> 
>> yes. my day job.
>> 
>>>> On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot@xxxxxxxx> wrote:
>>>>> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>>>>> 
>>>>> SSH certificates provide no
>>>>> way to revoke compromised certificates,
>>>> 
>>>> this isn't true
>>>> 
>>>>> and SSH certificates haven't seen significant adoption,
>>>> 
>>>> this also isn't true.
>>>> 
>>>> enterprises love ssh certificates.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



