Suggestion: Deprecate SSH certificates and move to X.509 certificates

Yegor Ievlev koops1997 at
Fri May 25 14:09:25 AEST 2018

How can I revoke one SSH certificate without having to replace the
root certificate and all certificates signed by it?

Regarding the second statement, do you have sources?

On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at> wrote:
> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997 at> wrote:
>> SSH certificates provide no
>> way to revoke compromised certificates,
> this isn't true
>> and SSH certificates haven't seen significant adoption,
> this also isn't true.
> enterprises love ssh certificates.

More information about the openssh-unix-dev mailing list