To:
Steve Hanna <steve.hanna@sun.com>
Cc:
Paul Hoffman / IMC <phoffman@imc.org>, keydist@cafax.se
From:
Derek Atkins <warlord@MIT.EDU>
Date:
04 Jan 2002 19:08:46 -0500
Delivery-Date:
Sat Jan 5 01:08:53 2002
In-Reply-To:
Derek Atkins's message of "04 Jan 2002 18:39:14 -0500"
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
> SSHv2 recommends support for X.509v3 certificates for server
> authentication. Support for SPKI and PGP certificates is optional.
> The commercial version of SSH 3.0 apparently includes support for
> client authentication using certificates. So I question your
> assertion that they are happy not supporting certificates.
Just a follow up on this -- I spoke to the WG chair about this,
and the fact of the matter is that the WG is ambivalent at best
about the x.509 formats. They could basically care less. They
put the text in to allow people to play with it, but as far as
the chair is aware there is very little (if any) implementation
experience with x509 certs. The consensus seems to be that they
are open to the possibility of x.509 use but really don't seem
to care much about it. So, yes, they would be perfectly happy
not supporting certificates, and I suspect if few people actually
implement it the text will get ripped out when they go to Draft.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available