Re: Suggestion: Deprecate SSH certificates and move to X.509 certificates

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Here you have a second person. We heavily depend on them and they are way easier to manage than X.509 certificates.

On 25.05.2018 06:26, Yegor Ievlev wrote:
That's not a very good source, since it's only available to one person.

On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot@xxxxxxxx> wrote:
On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
How can I revoke one SSH certificate without having to replace the
root certificate and all certificates signed by it?

there is no chaining of ssh certificates.

Regarding the second statement, do you have sources?

yes. my day job.

On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot@xxxxxxxx> wrote:
On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:

SSH certificates provide no
way to revoke compromised certificates,

this isn't true

and SSH certificates haven't seen significant adoption,

this also isn't true.

enterprises love ssh certificates.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


--
konrad bucheli
principal engineer

open systems ag
raeffelstrasse 29
ch-8045 zurich

t: +41 58 100 10 10
f: +41 58 100 10 11
kb@xxxxxxx

http://www.open.ch

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux