Suggestion: Deprecate SSH certificates and move to X.509 certificates

Yegor Ievlev koops1997 at gmail.com
Fri May 25 14:26:21 AEST 2018


That's not a very good source, since it's only available to one person.

On Fri, May 25, 2018 at 7:12 AM, Peter Moody <mindrot at hda3.com> wrote:
> On Thu, May 24, 2018 at 9:09 PM, Yegor Ievlev <koops1997 at gmail.com> wrote:
>> How can I revoke one SSH certificate without having to replace the
>> root certificate and all certificates signed by it?
>
> there is no chaining of ssh certificates.
>
>> Regarding the second statement, do you have sources?
>
> yes. my day job.
>
>> On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at hda3.com> wrote:
>>> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997 at gmail.com> wrote:
>>>
>>>> SSH certificates provide no
>>>> way to revoke compromised certificates,
>>>
>>> this isn't true
>>>
>>>> and SSH certificates haven't seen significant adoption,
>>>
>>> this also isn't true.
>>>
>>> enterprises love ssh certificates.
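
Added example, not part of the original thread and not OpenSSH project code: revoking a single certificate by serial number with an OpenSSH key revocation list (KRL) while the CA key and every other certificate it signed stay valid. The key names, identities and serial numbers are constructed for the demonstration.

```shell
#!/bin/sh
# Revoke one OpenSSH certificate by serial number using a KRL.
# All file names, identities and serials below are constructed for this demo.
set -eu

revoke_demo() {
    d=$(mktemp -d) || return 1

    # Throwaway CA and two user keys (empty passphrases: demo only).
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$d/ca"
    ssh-keygen -q -t ed25519 -N '' -C alice -f "$d/alice"
    ssh-keygen -q -t ed25519 -N '' -C bob -f "$d/bob"

    # Sign both keys with the same CA; -z gives each certificate its own serial.
    ssh-keygen -q -s "$d/ca" -I alice-laptop -n alice -z 1001 -V +1d "$d/alice.pub"
    ssh-keygen -q -s "$d/ca" -I bob-laptop -n bob -z 1002 -V +1d "$d/bob.pub"

    # KRL spec: revoke only serial 1001 as issued by this CA (-s names the CA).
    printf 'serial: 1001\n' > "$d/spec"
    ssh-keygen -q -k -f "$d/krl" -s "$d/ca.pub" "$d/spec"

    # ssh-keygen -Q exits non-zero when a listed key or certificate is revoked.
    if ssh-keygen -Q -f "$d/krl" "$d/alice-cert.pub" >/dev/null 2>&1
    then a=ok; else a=revoked; fi
    if ssh-keygen -Q -f "$d/krl" "$d/bob-cert.pub" >/dev/null 2>&1
    then b=ok; else b=revoked; fi

    rm -rf "$d"
    echo "alice=$a bob=$b"
}

revoke_demo
```

On a server, the resulting KRL file is referenced with the RevokedKeys directive in sshd_config; later revocations can be appended to the same file with ssh-keygen -k -u.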


More information about the openssh-unix-dev mailing list