Yegor Ievlev
2018-May-25 03:36 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
I suggest deprecating proprietary SSH certificates and move to X.509 certificates. The reasons why I suggest this change are: X.509 certificates are the standard on the web, SSH certificates provide no way to revoke compromised certificates, and SSH certificates haven't seen significant adoption, It's also a bad idea to roll your own crypto, and own certificate format seems like an example of this. I request comments on this proposal, and suggest that X.509 certificates should be supported even if SSH certificates will be left in, since that will solve the problem of authenticating a previously unknown server using the same mechanism most of the web is using.
Damien Miller
2018-May-25 03:55 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
No way, sorry. The OpenSSH certificate format was significantly motivated by X.509's syntactic and semantic complexity, and the consequent attack surface in the sensitive pre-authentication paths of our code. We're very happy to be able to offer certificate functionality while avoiding the numerous vulnerabilities that X.509/ASN.1 parsing would have brought. If you really want X.509 certificates, then I'd recommend Roumen Petrov's patches: https://roumenpetrov.info/secsh/ -- he's done a fine job of maintaing these over an extended period of time. -d On Fri, 25 May 2018, Yegor Ievlev wrote:> I suggest deprecating proprietary SSH certificates and move to X.509 > certificates. The reasons why I suggest this change are: X.509 > certificates are the standard on the web, SSH certificates provide no > way to revoke compromised certificates, and SSH certificates haven't > seen significant adoption, It's also a bad idea to roll your own > crypto, and own certificate format seems like an example of this. I > request comments on this proposal, and suggest that X.509 certificates > should be supported even if SSH certificates will be left in, since > that will solve the problem of authenticating a previously unknown > server using the same mechanism most of the web is using. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
Yegor Ievlev
2018-May-25 03:58 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
Can you implement revocation support? On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote:> No way, sorry. > > The OpenSSH certificate format was significantly motivated by X.509's > syntactic and semantic complexity, and the consequent attack surface in > the sensitive pre-authentication paths of our code. We're very happy to > be able to offer certificate functionality while avoiding the numerous > vulnerabilities that X.509/ASN.1 parsing would have brought. > > If you really want X.509 certificates, then I'd recommend Roumen > Petrov's patches: https://roumenpetrov.info/secsh/ -- he's done a > fine job of maintaing these over an extended period of time. > > -d > > On Fri, 25 May 2018, Yegor Ievlev wrote: > >> I suggest deprecating proprietary SSH certificates and move to X.509 >> certificates. The reasons why I suggest this change are: X.509 >> certificates are the standard on the web, SSH certificates provide no >> way to revoke compromised certificates, and SSH certificates haven't >> seen significant adoption, It's also a bad idea to roll your own >> crypto, and own certificate format seems like an example of this. I >> request comments on this proposal, and suggest that X.509 certificates >> should be supported even if SSH certificates will be left in, since >> that will solve the problem of authenticating a previously unknown >> server using the same mechanism most of the web is using. >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev at mindrot.org >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >>
Peter Moody
2018-May-25 03:58 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997 at gmail.com> wrote:> SSH certificates provide no > way to revoke compromised certificates,this isn't true> and SSH certificates haven't seen significant adoption,this also isn't true. enterprises love ssh certificates.
Yegor Ievlev
2018-May-25 04:09 UTC
Suggestion: Deprecate SSH certificates and move to X.509 certificates
How can I revoke one SSH certificate without having to replace the root certificate and all certificates signed by it? Regarding the second statement, do you have sources? On Fri, May 25, 2018 at 6:58 AM, Peter Moody <mindrot at hda3.com> wrote:> On Thu, May 24, 2018 at 8:36 PM, Yegor Ievlev <koops1997 at gmail.com> wrote: > >> SSH certificates provide no >> way to revoke compromised certificates, > > this isn't true > >> and SSH certificates haven't seen significant adoption, > > this also isn't true. > > enterprises love ssh certificates.
Reasonably Related Threads
- Suggestion: Deprecate SSH certificates and move to X.509 certificates
- Suggestion: Deprecate SSH certificates and move to X.509 certificates
- Suggestion: Deprecate SSH certificates and move to X.509 certificates
- Suggestion: Deprecate SSH certificates and move to X.509 certificates
- Can we disable diffie-hellman-group14-sha1 by default?