WYTM?

[Peter Gutmann]

Damien Miller <djm at mindrot.org> writes:

>The SSH protocol supports certificates (X.509 and OpenPGP), though most
>implementations don't.

One of the reason why many implementations may not support it is that the spec
is completely ambiguous as to the data formats being used.  For example it
specifies the signature blob format as "an X.509 signature", which could be
about half a dozen different things.  Same with PGP signatures, for which
there's even more possibilities.  In addition since almost nothing implements
them, it's not possible to get test data from someone else's server to see
what they're doing (hmm, and even if there was there's no way to tell whether
their interpretation would match someone else's).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com