[linux-elitists] System-wide certification key (equivalent of root access)

Aaron Lehmann aaronl@vitelus.com
Fri Jan 18 13:37:03 PST 2002

On Fri, Jan 18, 2002 at 10:53:17AM -0800, Seth David Schoen wrote:
> The particular application I thought of was ssh host key signing, so
> you could get host keys from a network administrator and they'd be
> pre-signed with a key you trusted implicitly, so that you could know
> whether or not a host key is correct without having to type "yes" when
> ssh prompts you.

I was thinking that SSH key signing would be cool.

But I think that they should be signed by OpenPGP keys so that they
can take advantage of the existing webs of trust. I think it would be
nice for ssh to use the OpenPGP key format, too, so you could get
someone's host key off a PGP keyserver or use GnuPG to sign backups
with your host key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20020118/5d6dfa0c/attachment.pgp 

More information about the linux-elitists mailing list