[Cryptography] Applying the Mesh to do SSH really right

Phillip Hallam-Baker phill at hallambaker.com
Tue Oct 26 01:57:49 EDT 2021


On Sun, Oct 24, 2021 at 8:40 AM Howard Chu <hyc at symas.com> wrote:

> Phillip Hallam-Baker wrote:
> > April King started a thread on Twitter about how to use SSH in the
> enterprise: Why aren't people using the SSH PKI, why do people roll their
> own key
> > provisioning scripts knowing these are almost certain to be disaster
> areas?
>
> Good question. Pretty much every pain point you outline here is already
> solved in enterprises by LDAP.
> Rolling any other solutions just sounds like pointless protocol
> proliferation.
>

Since a major concern I raised was insider threat and since LDAP is a
single point of trust, I fail to see how LDAP is remotely relevant.

LDAP does not address the private key management either. All it does is
provide one means of distributing certs. I have never understood what
advantage LDAP was supposed to have over some HTTP scheme for that.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20211026/ad8744c1/attachment.htm>


More information about the cryptography mailing list