Signing KRLs?

Daniel Schneller ds at danielschneller.de
Tue Feb 5 05:27:54 AEDT 2019


Hi!

While reading through PROTOCOL.krl I came across "5. KRL signature sections".

If my understanding is correct - and that's basically what I would like to
get knocked down for if appropriate ;) - this is a way for SSHDs to ensure
they only accept KRLs signed by a trusted CA.

However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen?
The aforementioned PROTOCOL.krl says that KRL_SECTION_SIGNATURE is optional in
the file structure, so am I right to assume that ssh-keygen simply does not 
implement the signing of KRLs (yet)? Or do I need to use some other tool I have
overlooked?

Thanks a lot in advance.

Cheers,
Daniel


-- 
Daniel Schneller
ds at danielschneller.com
Twitter: @dschneller
http://www.danielschneller.com - Java, iOS, Mac, Windows, Linux and other insanities.
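
Added example (not part of the original post, and not OpenSSH code): a small Python reader that walks the sections of a KRL file and reports whether a KRL_SECTION_SIGNATURE section is present. The header layout, the numeric section types and the rule that signature sections come last are assumptions based on PROTOCOL.krl; the sample blobs are constructed and carry dummy key and signature bytes.

```python
import struct

KRL_MAGIC = b"SSHKRL\n\x00"      # uint64 0x5353484b524c0a00
KRL_SECTION_SIGNATURE = 4
SECTION_NAMES = {1: "CERTIFICATES", 2: "EXPLICIT_KEY", 3: "FINGERPRINT_SHA1",
                 4: "SIGNATURE", 5: "FINGERPRINT_SHA256"}

def _take(buf, off, n):
    """Return n bytes at off plus the new offset; fail on short input."""
    if off + n > len(buf):
        raise ValueError("truncated KRL")
    return buf[off:off + n], off + n

def _string(buf, off):
    """Read an SSH 'string': uint32 big-endian length, then that many bytes."""
    raw, off = _take(buf, off, 4)
    return _take(buf, off, struct.unpack(">I", raw)[0])

def krl_sections(blob):
    """Return (krl_version, [section names in file order])."""
    # Fixed header: magic, uint32 format, uint64 version, date and flags.
    hdr, off = _take(blob, 0, 36)
    magic, fmt, version, _date, _flags = struct.unpack(">8sIQQQ", hdr)
    if magic != KRL_MAGIC or fmt != 1:
        raise ValueError("not a format-1 KRL")
    _reserved, off = _string(blob, off)
    _comment, off = _string(blob, off)
    names = []
    while off < len(blob):
        stype, off = blob[off], off + 1
        _first, off = _string(blob, off)      # section data, or signature_key
        if stype == KRL_SECTION_SIGNATURE:
            _sig, off = _string(blob, off)    # signature follows signature_key
        elif "SIGNATURE" in names:            # assumed rule: signatures come last
            raise ValueError("data section after signature section")
        names.append(SECTION_NAMES.get(stype, "UNKNOWN(%d)" % stype))
    return version, names

def has_signature(blob):
    """True if a signature section is present; the signature is NOT verified."""
    return "SIGNATURE" in krl_sections(blob)[1]

def _s(b):
    return struct.pack(">I", len(b)) + b

def sample_krl(signed):
    """Constructed input, not ssh-keygen output; key/signature bytes are dummies."""
    blob = KRL_MAGIC + struct.pack(">IQQQ", 1, 7, 0, 0) + _s(b"") + _s(b"constructed")
    blob += bytes([5]) + _s(_s(b"\x00" * 32))   # one SHA256 fingerprint entry
    if signed:
        blob += bytes([KRL_SECTION_SIGNATURE]) + _s(b"dummy-key") + _s(b"dummy-sig")
    return blob
```

A True result only means the section exists in the file; deciding whether to trust the KRL still requires verifying the signature against a trusted CA key.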



More information about the openssh-unix-dev mailing list