To:
Steve Hanna <steve.hanna@sun.com>
Cc:
Paul Hoffman / IMC <phoffman@imc.org>, keydist@cafax.se
From:
Derek Atkins <warlord@MIT.EDU>
Date:
04 Jan 2002 19:08:46 -0500
Delivery-Date:
Sat Jan 5 01:08:53 2002
In-Reply-To:
Derek Atkins's message of "04 Jan 2002 18:39:14 -0500"
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
> SSHv2 recommends support for X.509v3 certificates for server > authentication. Support for SPKI and PGP certificates is optional. > The commercial version of SSH 3.0 apparently includes support for > client authentication using certificates. So I question your > assertion that they are happy not supporting certificates. Just a follow up on this -- I spoke to the WG chair about this, and the fact of the matter is that the WG is ambivalent at best about the x.509 formats. They could basically care less. They put the text in to allow people to play with it, but as far as the chair is aware there is very little (if any) implementation experience with x509 certs. The consensus seems to be that they are open to the possibility of x.509 use but really don't seem to care much about it. So, yes, they would be perfectly happy not supporting certificates, and I suspect if few people actually implement it the text will get ripped out when they go to Draft. -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH warlord@MIT.EDU PGP key available