IETF-SSH archive


Re: OpenSSH certified keys



On Tue, Mar 16, 2010 at 03:42:53PM -0400, Jeffrey Hutzelman wrote:
> --On Wednesday, March 17, 2010 04:19:28 AM +1100 Damien Miller
> <djm%mindrot.org@localhost> wrote:
> >OpenSSH 5.4p1 introduced a novel, lightweight certificate format for
> >user and host keys. These were designed to reuse SSH wire-encoding and
> >signature primitives to minimise the additional attack surface exposed
> >pre-auth. In particular, we are not comfortable with the complexity
> >(syntactically or semantically) of X.509.
> 
> That's unfortunate, because it's what the rest of the world already
> has as its infrastructure.  By not supporting it, you force people
> to choose between supporting your odd, proprietary, unproven
> certificate format or not getting to use certificates at all.  Guess
> which one anyone with more than 5 machines is going to choose?

If this is billed as a simple PKI for small environments then I think
that's fine.  But if anyone tries to grow a deployment of this PKI much
larger then they'll either need to switch to PKIX, to Kerberos, or
you'll need to grow your PKI protocol to cover their needs.  Growing
this PKI protocol puts it in direct competition with PKIX.  The rest of
us will need some compelling rationales for implementing a competitor to
PKIX, and those are going to be hard to come by because of the very
large deployed base of PKIX.

> OpenSSH would be a lot more useful if it supported the same
> authentication mechanisms as the rest of the world.

I agree.  We really should finish the SSHv2-with-X.509 spec, or else
finish PKU2U and deploy that.

Nico
-- 


