nmh-workers

Re: [Nmh-workers] TLS certificate validation

2016-09-24 12:40:53
Thus said Ken Hornstein on Sat, 24 Sep 2016 11:49:08 -0400:

Well, technically, ssh does not deal in certificates - they deal with
keys. They do not have an expiration date. If you need to rekey an ssh
server, the world falls apart.

Technically, OpenSSH does have support for certificate authorities, so
one need not have the world fall apart, but I don't know how common it
is in use:

CERTIFICATES
     ssh-keygen supports signing of keys to produce certificates that may be
     used for user or host authentication.  Certificates consist of a public
     key, some identity information, zero or more principal (user or host)
     names and a set of options that are signed by a Certification Authority
     (CA) key.  Clients or servers may then trust only the CA key and verify
     its signature on a certificate rather than trusting many user/host keys.
     Note that OpenSSH certificates are a different, and much simpler, format
     to the X.509 certificates used in ssl(8).

Andy
-- 
TAI64 timestamp: 4000000057e6b8fe
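
The CA workflow from the ssh-keygen excerpt above, as an added example that is not part of the original message: a host is re-keyed and clients keep verifying it through one `@cert-authority` entry. The hostname mail.example.org, the file names and the 52-week validity are constructed for illustration.

```shell
#!/bin/sh
# Added example: OpenSSH host certificates signed by a CA key.
# Hostnames and file names are constructed, not taken from the thread.

# make_ca DIR: create the CA key pair; clients trust only its public half.
make_ca() {
    ssh-keygen -q -t ed25519 -N '' -C 'example host CA' -f "$1/host_ca"
}

# issue_host_cert DIR NAME FQDN: generate a fresh host key and sign it.
#   -h  host (not user) certificate
#   -I  key identity, recorded in the certificate
#   -n  principals: the hostnames the certificate is valid for
#   -V  validity interval, so the certificate expires unlike a bare key
issue_host_cert() {
    ssh-keygen -q -t ed25519 -N '' -C "$3" -f "$1/$2" &&
    ssh-keygen -q -s "$1/host_ca" -h -I "$3 host key" -n "$3" \
        -V +52w "$1/$2.pub"        # writes $1/$2-cert.pub
}

# known_hosts_line DIR PATTERN: the single trust entry a client needs.
known_hosts_line() {
    printf '@cert-authority %s %s\n' "$2" \
        "$(cut -d' ' -f1,2 "$1/host_ca.pub")"
}

# cert_ca_fp CERT: fingerprint of the CA key that signed CERT.
cert_ca_fp() {
    ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}'
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" || return 1
    issue_host_cert "$dir" host_old mail.example.org || return 1
    # Re-key: new host key, new certificate, same CA.
    issue_host_cert "$dir" host_new mail.example.org || return 1
    known_hosts_line "$dir" '*.example.org'   # unchanged by the re-key
    ssh-keygen -L -f "$dir/host_new-cert.pub" # type, principals, validity
    rm -rf "$dir"
}

demo
```

On the server, the signed file is the one named by the `HostCertificate` option in sshd_config; the printed `@cert-authority` line goes into the client's known_hosts.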
