clarify error messages and documentation when using signed public keys
Christopher J. Ruwe
cjr at mail.cruwe.de
Mon Sep 21 03:56:47 AEST 2020
On Sun, 2020-09-20 at 15:30 +0200, Christopher J. Ruwe wrote:
> "In an otherwise normal public/private key pair exchange, clients or
> servers may then trust any public key, provided it has been signed
> by a trusted CA, and verify its signature on a certificate
> fingerprint, instead of trusting a set of individual user/host keys
> configured on a single host."
Sorry to have muddled that up again. It's not the fingerprint on which
the verification is done, it's the certificate.
So it should be
"In an otherwise normal public/private key pair exchange, clients or
servers may then trust any public key, provided it has been signed by
a trusted CA, and verify its signature on the certificate of the CA,
instead of trusting a set of individual user/host keys configured on a
single host."
Please excuse the noise.
--
Christopher
More information about the openssh-unix-dev
mailing list