On Sun, 2020-09-20 at 15:30 +0200, Christopher J. Ruwe wrote:
> "In an otherwise normal public/private key pair exchange, clients or
> servers may then trust any public key, provided it has been signed
> by a trusted CA, and verify its signature on a certificate
> fingerprint, instead of trusting a set of individual user/host keys
> configured on a single host."

Sorry to have muddled that up again. It's not the fingerprint on which
the verification is done, it's the certificate. So it should be

"In an otherwise normal public/private key pair exchange, clients or
servers may then trust any public key, provided it has been signed by
a trusted CA, and verify its signature on the certificate of the CA,
instead of trusting a set of individual user/host keys configured on a
single host."

Please excuse the noise.
--
Christopher
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev