[conspire] SSH-PKI lol
Rick Moen
rick at linuxmafia.com
Thu Sep 30 11:54:38 PDT 2021
Quoting Nick Moffitt (nick at zork.net):
> But if you're interested in pushing SSH cert management along through
> some delightfully filthy hacks:
>
> https://github.com/mjg59/ssh_pki

It really is. And I appreciate you (and Matthew Garrett) making me
feel less sheepish about my recent late-night befuddlement about the
role of _certificates_ in ssh key management. I mean, I read about this
particular application of SHA1, and my first reaction was 'Certificates?
In ssh? _What_ certificates?'

It wasn't possible to even tell Ruben why he'd been misled until I did
some remedial reading, at which point I thought 'Wow, this is.. whacked.'

As Garrett illustrates, well, ssh certificates are sort of there,
vestigial, pointless, and dumb. Exploiting them by tying them into the
global PKI using X.509 is, indeed, a gloriously stupid, crazy idea. Bravo.

Maybe, version 2.0 can put some XML in there, some J2EE, and a "service
layer".