X.509 support in ssh (revisited)
kevin at tgivan.com
kevin at tgivan.com
Thu Jan 24 05:25:05 EST 2002
Moin mouring!
mouring at etoh.eviladmin.org schrieb am Mittwoch, den 23. Januar 2002:
> Does X.509 really make sense with SSH? I mean you are still not
> going to get Verisigned licenses and even that you are putting your
> trust in a 3rd party certificate which has no real bearing on the
> trust of the machine in question.
I think X.509 is very good thing when managing a large environment
where you have thousands of hosts running SSH and one main key
management system. Getting a signed cert from Verisign might be a
good thing for some, yet if you a large domain with thousands of hosts
(company/clients) and you manage your own CA, you can have a relatively
reliable key-management system tied with X.509 bases authentication.
My 0.2 cents
Rgds,
--
Kevin Sindhu <kevin at tgivan dot com>
Systems Engineer
TGI Technologies Inc.
107 E 3rd Avenue Tel: (604) 872-6676 Ext 321
Vancouver V5T 1C7 Fax: (604) 872-6601
British Columbia, Canada
More information about the openssh-unix-dev
mailing list