X.509 support in ssh (revisited)

Simon Wilkinson sxw at dcs.ed.ac.uk
Thu Jan 24 05:44:45 EST 2002


On Wed, 23 Jan 2002 mouring at etoh.eviladmin.org wrote:

> Until your CA's employees do something brain dead like hand out a copy of
> your key to someone who 'claims' to be an employee of your company.
>
> Refer to the Microsoft and Verisign issue last year which caused MS to resign a
> ton of packages and revoke a very heavily used key.
>
> Think warm fuzzy thoughts that your CA is trustworthy. =)

If you run your own CA, these thoughts can be a little less fuzzy.

I think many of the posters are missing the point. For large institutions
which have ssh deployed on every host, managing a central known hosts
file is a real pain. Failures or delays in managing that file which result
in "key changed" warnings lead to users just skipping those warnings, and
an obvious degradation in security.

For the intranet model there are three solutions to this:
1) Use ssh with GSSAPI to remove the need for host keys
2) Use a secure service such as LDAP to distribute host keys
3) Use a key signing infrastructure to sign your host keys

Using X.509 signatures doesn't mean giving control to a central
Verisign-a-like CA - you can just use your local CA. For organisations
which have already deployed some form of trust infrastructure, having
ssh fit into that existing system is a big win.

Cheers,

Simon.
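As an added example (not from the thread, and not OpenSSH's own code), option 3 from the mail realised with OpenSSH's native certificate format, which later OpenSSH releases adopted in place of X.509: a local CA signs a host key, and a single `@cert-authority` line in known_hosts replaces the per-host pinned entries whose staleness causes the "key changed" warnings described above. The CA name, host name and domain are constructed; it assumes `ssh-keygen` is on PATH.

```shell
#!/bin/sh
# Added example: a local CA signing ssh host keys with OpenSSH certificates
# (OpenSSH 5.4+), not X.509. Names below (local_ca, host.example.com) are
# constructed for the demonstration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CA="$WORK/local_ca"

# Create the local CA key pair; in a real deployment this key stays offline.
make_local_ca() {
    ssh-keygen -q -t ed25519 -N "" -C "local host CA" -f "$CA"
}

# Generate and sign a host key: -h marks a host certificate, -n restricts the
# principals (hostnames) it is valid for, -V bounds its lifetime so a leaked
# host key stops verifying without anyone touching a known_hosts file.
sign_host_key() {
    host="$1"
    ssh-keygen -q -t ed25519 -N "" -f "$WORK/$host"
    ssh-keygen -q -s "$CA" -I "$host" -h -n "$host" -V +52w "$WORK/$host.pub"
    echo "$WORK/$host-cert.pub"
}

# Weak form: one pinned line per host. Any re-key means a "key changed"
# warning for every client whose copy of the central file is stale.
pinned_known_hosts_line() {
    host="$1"
    printf '%s %s\n' "$host" "$(cut -d' ' -f1,2 "$WORK/$host.pub")"
}

# Better form: one @cert-authority line covers every host the local CA signs,
# so re-keying a host needs no known_hosts update at all.
ca_known_hosts_line() {
    printf '@cert-authority *.example.com %s\n' "$(cut -d' ' -f1,2 "$CA.pub")"
}

# Check that a host certificate really chains to our CA: the fingerprint that
# ssh-keygen -L reports as "Signing CA" must equal the CA public key's own.
cert_signed_by_local_ca() {
    ca_fp=$(ssh-keygen -lf "$CA.pub" | awk '{print $2}')
    ssh-keygen -Lf "$1" | grep 'Signing CA:' | grep -qF "$ca_fp"
}

make_local_ca
CERT=$(sign_host_key host.example.com)
pinned_known_hosts_line host.example.com
ca_known_hosts_line
cert_signed_by_local_ca "$CERT" && echo "host.example.com cert chains to local CA"
```

Run it as-is to see the pinned line and the `@cert-authority` line side by side; on the server the certificate is advertised with `HostCertificate` in sshd_config.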
