X.509 support in ssh (revisited)

kevin at tgivan.com
Thu Jan 24 05:25:05 EST 2002


Hi mouring!
mouring at etoh.eviladmin.org wrote on Wednesday, 23 January 2002:

> Does X.509 really make sense with SSH?  I mean you are still not
> going to get Verisigned licenses and even that you are putting your
> trust in a 3rd party certificate which has no real bearing on the
> trust of the machine in question.

I think X.509 is a very good thing when managing a large environment
where you have thousands of hosts running SSH and one main key
management system.  Getting a signed cert from Verisign might be a
good thing for some, yet if you have a large domain with thousands of hosts
(company/clients) and you manage your own CA, you can have a relatively
reliable key-management system tied with X.509-based authentication.

My 0.2 cents

Rgds,

-- 
Kevin Sindhu 			    <kevin at tgivan dot com> 
Systems Engineer
TGI Technologies Inc.
107 E 3rd Avenue        	Tel: (604) 872-6676 Ext 321
Vancouver  V5T 1C7	        Fax: (604) 872-6601 
British Columbia, Canada 



More information about the openssh-unix-dev mailing list