Re: X.509 and ssh
- From: "JKV" <jkvbe@N O S P A M y a h o o . c o m>
- Date: Sat, 18 Feb 2006 13:45:33 GMT
"Richard E. Silverman" <res@xxxxxxxx> wrote in message
news:m2pslto3v8.fsf@xxxxxxxxxxxxxxxxxxxxx
I would like to use it the other way around. All users presenting a X.509
With a standard, distributed trust system such as X.509 PKI, this problem
simply goes away. It is only necessary to distribute to clients, once, a
single root certificate under which server hostkey certificates are
issued. Servers may then be added, removed, or rekeyed at will, with no
client updates needed. Similar improvements are realized if certificates
are also used for user authentication, although that entails much more
overhead and hence is less likely to be necessary or used.
certificate issued by a trusted party can access the server. Then I only
need to install the root certificate of the trusted party on the server and
the user management doesn't need to be done on that server but can be done
independently.
Jan
.
- Follow-Ups:
- Re: X.509 and ssh
- From: Peter Gutmann
- Re: X.509 and ssh
- From: Anne & Lynn Wheeler
- Re: X.509 and ssh
- References:
- Re: X.509 and ssh
- From: Peter Gutmann
- Re: X.509 and ssh
- From: Richard E. Silverman
- Re: X.509 and ssh
- Prev by Date: Is this port forwarding or something else
- Next by Date: Re: Is this port forwarding or something else
- Previous by thread: Re: X.509 and ssh
- Next by thread: Re: X.509 and ssh
- Index(es):
Relevant Pages
|
