Re: Suggestion: Deprecate SSH certificates and move to X.509 certificates


I did not consciously attempt to be combative. However, your perception
may be different.

On Fri, May 25, 2018 at 7:58 AM, Jim Knoble <jmknoble@xxxxxxxxx> wrote:
> You're coming across as rather combative, demanding sources to support others' comments, when you yourself have provided no evidence to support your own claims. Perhaps you want to rethink your approach.
>
> That said, I know of an enterprise with 50,000 employees worldwide who relies on OpenSSH certificates to securely authenticate across bastions into virtual private clouds. I'm pretty sure Peter doesn't work there, as I would know it. That makes two data points to support his statement.
>
> --
> jim knoble
>
>
>> On May 24, 2018, at 21:26, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>>
>> That's not a very good source, since it's only available to one person.
>>
>>> On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot@xxxxxxxx> wrote:
>>>> On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>>>> How can I revoke one SSH certificate without having to replace the
>>>> root certificate and all certificates signed by it?
>>>
>>> there is no chaining of ssh certificates.
>>>
>>>> Regarding the second statement, do you have sources?
>>>
>>> yes. my day job.
>>>
>>>>> On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot@xxxxxxxx> wrote:
>>>>>> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>>>>>>
>>>>>> SSH certificates provide no
>>>>>> way to revoke compromised certificates,
>>>>>
>>>>> this isn't true
>>>>>
>>>>>> and SSH certificates haven't seen significant adoption,
>>>>>
>>>>> this also isn't true.
>>>>>
>>>>> enterprises love ssh certificates.
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev@xxxxxxxxxxx
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>