search for: _sign_

...me across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned PROTOCOL.krl says that KRL_SECTION_SIGNATURE is optional in the file structure, so am I right to assume that ssh-keygen simply does not implement the signing of KRLs (yet)? Or do I need to use some other tool I have overlooked? Thanks a lot in advance. C...