clarify error messages and documentation when using signed public keys

Christopher J. Ruwe cjr at mail.cruwe.de
Mon Sep 21 03:56:47 AEST 2020


On Sun, 2020-09-20 at 15:30 +0200, Christopher J. Ruwe wrote:
> "In an otherwise normal public/private key pair exchange, clients or
> servers may then trust any public key, provided it has been signed
> by a trusted CA, and verify its signature on a certificate
> fingerprint, instead of trusting a set of individual user/host keys
> configured on a single host."

Sorry to have muddled that up again. It's not the fingerprint on which
the verification is done, it's the certificate.

So it should be

"In an otherwise normal public/private key pair exchange, clients or
servers may then trust any public key, provided it has been signed by
a trusted CA, and verify its signature on the certificate of the CA,
instead of trusting a set of individual user/host keys configured on a
single host."

Please excuse the noise.
--
Christopher




More information about the openssh-unix-dev mailing list