5.4p1 and FIPS 140-2

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Mar 16 07:53:08 EST 2010


On 03/15/2010 04:41 PM, Roumen Petrov wrote:
> Bryan wrote:
>> build in 5.4p1 will a little find/replace version magic? Any chance that
>> this will show up in the OpenBSD snaps, as I just found out you have PKI
>> integration.
> 
> No, OpenSSH doesn't support PKI.

Technically, version 5.4 *does* support a PKI, but it supports a novel,
OpenSSH-specific PKI, not a PKI that would already be in use by any
other systems (or specified in any existing standard).

In particular, OpenSSH does not natively support the PKI known as X.509,
though Roumen's patches [0] provide X.509 support.

And OpenSSH also does not internally support the PKI known as OpenPGP,
though the Monkeysphere project [1] can be used with any recent
stock/unpatched SSH to provide OpenPGP support.

	--dkg

[0] http://www.roumenpetrov.info/openssh/
[1] http://web.monkeysphere.info/
