Hi! While reading through PROTOCOL.krl I came across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned PROTOCOL.krl says that KRL_SECTION_SIGNATURE is optional in the file structure, so am I right to assume that ssh-keygen simply does not implement the signing of KRLs (yet)? Or do I need to use some other tool I have overlooked? Thanks a lot in advance. Cheers, Daniel -- Daniel Schneller ds@xxxxxxxxxxxxxxxxxxx Twitter: @dschneller http://www.danielschneller.com - Java, iOS, Mac, Windows, Linux and other insanities. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev