Signing KRLs?
Daniel Schneller
ds at danielschneller.de
Tue Feb 5 05:27:54 AEDT 2019
Hi!
While reading through PROTOCOL.krl I came across "5. KRL signature sections".
If my understanding is correct - and that's basically what I would like to
get knocked down for if appropriate ;) - this is a way for SSHDs to ensure
they only accept KRLs signed by a trusted CA.
However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen?
The aforementioned PROTOCOL.krl says that KRL_SECTION_SIGNATURE is optional in
the file structure, so am I right to assume that ssh-keygen simply does not
implement the signing of KRLs (yet)? Or do I need to use some other tool I have
overlooked?
Thanks a lot in advance.
Cheers,
Daniel
--
Daniel Schneller
ds at danielschneller.com
Twitter: @dschneller
http://www.danielschneller.com - Java, iOS, Mac, Windows, Linux and other insanities.
More information about the openssh-unix-dev
mailing list