List:       secure-shell
Subject:    Announce: X.509 certificates support in OpenSSH version 5.4
From:       Roumen Petrov <openssh () roumenpetrov ! info>
Date:       2006-04-27 18:38:16
Message-ID: 44510F98.2020206 () roumenpetrov ! info

Hi All,

Version 5.4 of "X.509 certificates support in OpenSSH" is ready for download.
On the download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4
you can find diffs for OpenSSH versions 4.2p1 and 4.3p2.


What's new:
* given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1"
   The implementation realised in the previous version 5.3 is not fully in conformance
   with "draft-ietf-secsh-x509-02.txt".

* correct nid for OCSP responder location
   All versions before 5.4 search for nid "id-pkix-ocsp-service-locator"
   instead of the correct one, "id-ad-ocsp", to find the location of the OCSP responder.

* public key permits X.509 certificate for authentication
   Now the public key listed in the authorized keys file also permits an X.509 certificate
   with a public key that matches it to be used in "public key authentication".

* client option "PubkeyAlgorithms"
   This new client option specifies the protocol version 2 algorithms used in
   "publickey" authentication that are allowed to be sent to the host.

* server option "KeyAllowSelfIssued"
   This new server option specifies whether only a public key or certificate blob
   listed in the authorized keys file can allow a self-issued (self-signed) X.509
   certificate to be used for user authentication.


Please visit "http://roumenpetrov.info/openssh/" for more information
about "X.509 certificates support in OpenSSH".


Regards,
Roumen Petrov
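
Added example, not code from the patch or from the message above: a small DER reader showing why the OCSP responder URL is found in a certificate's Authority Information Access extension under accessMethod "id-ad-ocsp" (RFC 5280) and not under "id-pkix-ocsp-service-locator", which RFC 2560 defines as an OCSP request extension. The sample extension bytes, the example.test URLs and all function names are constructed for illustration.

```python
ID_AD_OCSP = "1.3.6.1.5.5.7.48.1"            # AIA accessMethod naming the OCSP responder
ID_AD_CA_ISSUERS = "1.3.6.1.5.5.7.48.2"
ID_PKIX_OCSP_SERVICE_LOCATOR = "1.3.6.1.5.5.7.48.1.7"  # OCSP request extension, not an accessMethod

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [], 0
    for b in body:                          # base-128, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def access_locations(aia_der, method_oid):
    """URIs of AccessDescription entries whose accessMethod equals method_oid."""
    tag, seq, _ = read_tlv(aia_der, 0)
    if tag != 0x30:
        raise ValueError("AuthorityInfoAccess must be a SEQUENCE")
    uris, pos = [], 0
    while pos < len(seq):
        _, desc, pos = read_tlv(seq, pos)
        oid_tag, oid_body, nxt = read_tlv(desc, 0)
        loc_tag, loc, _ = read_tlv(desc, nxt)
        # 0x86 = GeneralName uniformResourceIdentifier, [6] IMPLICIT IA5String
        if oid_tag == 0x06 and loc_tag == 0x86 and decode_oid(oid_body) == method_oid:
            uris.append(loc.decode("ascii"))
    return uris

def tlv(tag, body):      # sample builder; short-form lengths only
    return bytes([tag, len(body)]) + body

def oid(dotted):         # sample builder; every arc used here is < 128
    arcs = [int(a) for a in dotted.split(".")]
    return tlv(0x06, bytes([40 * arcs[0] + arcs[1]] + arcs[2:]))

# Constructed AIA extension value (example.test URLs are made up).
SAMPLE_AIA = tlv(0x30,
    tlv(0x30, oid(ID_AD_CA_ISSUERS) + tlv(0x86, b"http://ca.example.test/ca.crt")) +
    tlv(0x30, oid(ID_AD_OCSP) + tlv(0x86, b"http://ocsp.example.test")))
```

Looking up the sample with ID_AD_OCSP returns the responder URL, while ID_PKIX_OCSP_SERVICE_LOCATOR matches no entry, so a lookup keyed on that OID finds no responder.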

