Re: Certificate authentication

To: ietf-ssh%netbsd.org@localhost
Subject: Re: Certificate authentication
From: maf%appgate.com@localhost
Date: Mon, 19 Jan 2004 08:50:35 +0100 (CET)

On 19 Jan, Damien Miller wrote:
> IIRC it was I that suggested this encoding and then promptly retracted
> it after a good night's sleep. I had hoped that this bit of embassasment
> would lay undisturbed in the list archives. Anyway:

Isn't the internet wonderful:-)

> - I think that the certificate hostkeys or userauth should be specified
> in separate drafts.

I have no problems with this.

> - I'd prefer that no more changes be made to the current drafts so as
> not to (yet again) delay them.

Agreed.

> - I don't think that the current wording should just be deleted, as at
> least one implementation (ssh.com, and possibly people who are using
> patched OpenSSH) does use host-key certificates with the specified
> encoding name.

We have implemented certificate support both for authentication and
hostkeys in the AppGate software. But since the drafts were unclear we
have used private names (i.e. @appgate.com) for them.

	/MaF
-- 
Martin Forssen <maf%appgate.com@localhost>              Development Manager
Phone: +46 31 7744361                         AppGate Network Security AB

Prev by Date: Re: Certificate authentication
Next by Date: Connectathon 2004
Previous by Thread: Re: Certificate authentication
Next by Thread: Connectathon 2004
Indexes:

Home | Main Index | Thread Index | Old Index