WYTM?
Damien Miller
djm at mindrot.org
Sun Oct 19 03:42:34 EDT 2003
On Sun, 2003-10-19 at 00:47, Peter Gutmann wrote:
> >What was the motive for adding lip service into the document?
>
> So that it's possible to claim PGP and X.509 support if anyone's interested in
> it. It's (I guess) something driven mostly by marketing so you can answer
> "Yes" to any question of "Do you support <x>". You can find quite a number of
> these things present in various security specs, it's not just an SSH thing.
I think that you are misrepresenting the problem a little. At
least one vendor (ssh.com) has a product that supports both X.509
and PGP, so the inclusion of these in the I-D is not just marketing
overriding reality - just a lack of will on the part of the draft's
authors.

I have seen little involvement on the secsh wg mailing list by
the ssh.com people since the public spat about trademark rights
over "ssh" a few years back. Since no one else implements these two
public key methods, the work has never been done. IIRC the wg
decided to punt the issue to a separate draft if it ever arose
again. It hasn't in two years.

In the meantime, everyone involved seems to have become deathly
afraid of touching the draft so as not to impede its glacial
progress through the IETF on its way to RFC-hood.

Whether a sizeable number of customers actually use certificates
for ssh is another matter. IMO the only real use for certs in ssh
is the issue of initial server authentication.

If one wants to use certificates to facilitate this process, they
can already - just publish the server keys on a https server
somewhere and/or sign them with PGP :)
-d
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com