OpenSSH

Re: OpenSSH Certkey (PKI)

To: openssh-unix-dev@mindrot.org
Subject: Re: OpenSSH Certkey (PKI)
From: "Wolfgang S. Rupprecht" <wolfgang+gnus200611@dailyplanet.dontspam.wsrcc.com>
Date: Thu, 16 Nov 2006 08:43:20 -0800
Cc: freebsd-current@freebsd.org, tech@openbsd.org
Organization: W S Rupprecht Computer Consulting, Fremont CA
Daniel Lang <dl@leo.org> writes:
> Are you, by any chance, mixing up "known_hosts" and "authorized_keys"?

Oops. I quoted the wrong section.  I had meant to quote the section
about the user_certificates.  This is what I meant to cite:

     +A user certificate is an authorization made by the CA that the
     +holder of a specific private key may login to the server as a
     +specific user, without the need of an authorized_keys file being
     +present. The CA gains the power to grant individual users access
     +to the server, and users do no longer need to maintain
     +authorized_keys files of their own.
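
Review bot: The wording in the last sentence of the added paragraph needs fixing: "users do no longer need to maintain" should read "users no longer need to maintain", and "may login" in the first sentence should use the verb form "may log in". The paragraph also says the CA gains the power to grant individual users access without an authorized_keys file being present, but it does not say how a server administrator limits or withdraws that power; a sentence covering that would let the reader judge how much trust is being placed in the CA.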

I don't see a problem with the host certificates methodology.  (In
fact I'd love to see the known_hosts files fade away as more hosts
transition to using host certificates.)

Thanks,

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
