Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1

[Damien Miller]

On Mon, 28 May 2012, Peter Stuge wrote:

> John Olsson M wrote:
> > What is blocking this from being merged into OpenSSH?
> 
> Quite likely the diffstat:

No, we just don't trust X.509 (or ASN.1 at all) in the pre-authentication
attack surface. This is no reflection on Roumen's code, but on the
syntactic and semantic complexity of the standards themselves and their
vulnerability history.

-d