Suggestion: Deprecate SSH certificates and move to X.509 certificates
djm at mindrot.org
Fri May 25 14:45:21 AEST 2018
On Fri, 25 May 2018, Yegor Ievlev wrote:
> How can I revoke one SSH certificate without having to replace the
> root certificate and all certificates signed by it?
> Regarding the second statement, do you have sources?
Uber, Facebook, Google, Netflix, Lyft, Square, Asana and others are on
the record as using OpenSSH certificates (within a minute or two of
Some of them have published their own CA clients/servers (inc. Peter).
More information about the openssh-unix-dev