I did not consciously attempt to be combative. However your perception may be different. On Fri, May 25, 2018 at 7:58 AM, Jim Knoble <jmknoble@xxxxxxxxx> wrote: > You're coming across as rather combative, demandind sources to support others' comments, when you yourself have provided no evidence to support your own claims. Perhaps you want to rethink your approach. > > That said, I know of an enterprise with 50,000 employees worldwide who relies on OpenSSH certificates to securely authenticate across bastions into virtual private clouds. I'm pretty sure Peter doesn't work there, as I would know it. That makes two data points to support his statement. > > -- > jim knoble > > >> On May 24, 2018, at 21:26, Yegor Ievlev <koops1997@xxxxxxxxx> wrote: >> >> That's not a very good source, since it's only available to one person. >> >>> On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot@xxxxxxxx> wrote: >>>> On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote: >>>> How can I revoke one SSH certificate without having to replace the >>>> root certificate and all certificates signed by it? >>> >>> there is no chaining of ssh certificates. >>> >>>> Regarding the second statement, do you have sources? >>> >>> yes. my day job. >>> >>>>> On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot@xxxxxxxx> wrote: >>>>>> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote: >>>>>> >>>>>> SSH certificates provide no >>>>>> way to revoke compromised certificates, >>>>> >>>>> this isn't true >>>>> >>>>>> and SSH certificates haven't seen significant adoption, >>>>> >>>>> this also isn't true. >>>>> >>>>> enterprises love ssh certificates. >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev@xxxxxxxxxxx >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev