Wondering if it would make sense to have more granular control of TrustedUserCAKeys? I have 1 key used to sign root certs; the key is short-lived and is rotated daily. And I have a 2nd key to sign non-privileged user certs. The non-privileged certs have a longer validity period, and the signing keys are not rotated as frequently. It would be nice to ensure this second signing key's associated pubkey in TrustedUserCAKeys is never consulted when a root certificate is presented, perhaps via some form of blacklisting within the TrustedUserCAKeys file? This would provide some assurance that the theft of the second key could not be used to sign root certificates and be accepted for the systems I manage.

Mark Christian

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev