Extensions to Secure Shell Public Key Subsystem
draft-joseph-pkix-sshextension-00
| Document | Type | Replaced Internet-Draft (individual); Expired & archived |
|---|---|---|
| | Authors | Mark Joseph, Jim Susoy |
| | Last updated | 2013-05-31 (Latest revision 2013-05-16) |
| | Replaced by | draft-joseph-pkix-p6rsshextension |
| | RFC stream | Independent Submission |
| | Intended RFC status | (None) |
| | Formats | |
| Stream | ISE state | No Longer In Independent Submission Stream |
| | Consensus boilerplate | Unknown |
| | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-joseph-pkix-p6rsshextension |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
The Secure Shell Public Key Subsystem protocol defines a key distribution protocol to provision an SSH server with a user's public keys. However, that protocol is limited to provisioning an SSH server. This document describes extensions to this protocol to allow the provisioning of keys and certificates to a server using the SSH transport. The defined protocol extensions allow the calling client to organize keys and certificates in different namespaces on a server. These namespaces can be used by the server to allow a client to configure any application running on the server (e.g., SSH, KMIP, SNMP). The defined extensions provide a server-independent mechanism for clients to add public keys, remove public keys, add certificates, remove certificates, and list the current set of keys and certificates known by the server by namespace (e.g., list all public keys in the SSH namespace). Rights to manage keys and certificates in a specific namespace are specific and limited to the authorized user and are defined as part of the server's implementation. The described protocol is backward compatible with version 2 defined by RFC 4819.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)