Henrick Hellström wrote:
Joseph Galbraith wrote:Henrick Hellström wrote:I can only see a point in using X.509 certificates with SSH, in casesecure distribution of public keys between the server and the clients isnot feasible.[SNIP] To be honest, this covers most SSH cases, right? [SNIP]No, there is no 'not' missing. Example:"A host server certificate SHOULD include the id_kp_serverAuth OID in the extKeyUsage extension, and a client user certificate SHOULD include the id_kp_clientAuth OID. The extKeyUsage extension SHOULD be marked as critical. Client implementations SHOULD reject host server certificates that contain the id_kp_clientAuth OID in the extKeyUsage extension, and server implementations SHOULD reject client certificates that contain the id_kp_serverAuth OID in the extKeyUsage extension."
One part is "Public Key Authentication Method" and example above cover only it. Other method is "Host-Based Authentication" and in this case host key (certificate) may contain both extentions id_kp_clientAuth and id_kp_serverAuth.
Please note that I don't suggest that the above paragraph should be added. It just serves as an example of an application specific PKI policy.
I agree with this. RFC 3280 cover enough "Certificate Extensions". -- Roumen Petrov http://roumenpetrov.info/openssh/