Suggestion: Deprecate SSH certificates and move to X.509 certificates

Yegor Ievlev koops1997 at gmail.com
Fri May 25 13:58:36 AEST 2018


Can you implement revocation support?

On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote:
> No way, sorry.
>
> The OpenSSH certificate format was significantly motivated by X.509's
> syntactic and semantic complexity, and the consequent attack surface in
> the sensitive pre-authentication paths of our code. We're very happy to
> be able to offer certificate functionality while avoiding the numerous
> vulnerabilities that X.509/ASN.1 parsing would have brought.
>
> If you really want X.509 certificates, then I'd recommend Roumen
> Petrov's patches: https://roumenpetrov.info/secsh/ -- he's done a
> fine job of maintaing these over an extended period of time.
>
> -d
>
> On Fri, 25 May 2018, Yegor Ievlev wrote:
>
>> I suggest deprecating proprietary SSH certificates and move to X.509
>> certificates. The reasons why I suggest this change are: X.509
>> certificates are the standard on the web, SSH certificates provide no
>> way to revoke compromised certificates, and SSH certificates haven't
>> seen significant adoption, It's also a bad idea to roll your own
>> crypto, and own certificate format seems like an example of this. I
>> request comments on this proposal, and suggest that X.509 certificates
>> should be supported even if SSH certificates will be left in, since
>> that will solve the problem of authenticating a previously unknown
>> server using the same mechanism most of the web is using.
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>


More information about the openssh-unix-dev mailing list