| Summary: | Enable user-relative revoked keys files | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Jordan Macdonald <macdjord> |
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | NEW --- | ||
| Severity: | enhancement | CC: | macdjord |
| Priority: | P5 | ||
| Version: | 8.1p1 | ||
| Hardware: | All | ||
| OS: | All | ||
| See Also: | https://bugzilla.mindrot.org/show_bug.cgi?id=2328 | ||
Description
Jordan Macdonald
2020-08-29 09:33:40 AEST
Note: Both approaches - this one and the one suggested in https://bugzilla.mindrot.org/show_bug.cgi?id=2328 - offer distinct advantages:

* Maintaining separate KRLs for each certificate authority is best practice and enables fine-grained control (e.g. revoking the signature of a particular key by a particular CA but still allowing that same key to be used if it is also signed by a different authorized CA)
* However, not everyone follows best practices, and many users will just want to have one file to append their old/invalid/compromised keys to without having to specify `crl-file="~/.ssh/revoked_keys"` separately for every CA in `authorized_keys`

Either option would satisfactorily solve the issue of allowing users to control their own revocations, but the ideal solution would probably be to offer both.

Also, if per-user revocation files are supported, it would probably be a good idea to give `RevokedKeys` a suitable default; I suggest `.ssh/revoked_keys`. It seems unwise to enable user-specified CAs by default without offering user-specified revocation.