Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

X.509v3 Certificates for Secure Shell Authentication
RFC 6187

Yes

(Alexey Melnikov)

(Russ Housley)

(Sean Turner)

No Objection

Lars Eggert

(Adrian Farrel)

(Gonzalo Camarillo)

(Jari Arkko)

(Peter Saint-Andre)

(Robert Sparks)

(Ron Bonica)

(Stewart Bryant)

(Tim Polk)

Note: This ballot was opened for revision 07 and is now closed.

Lars Eggert

No Objection

Alexey Melnikov Former IESG member

Yes

Yes (2010-11-24) Unknown

A well written document, one question:

2.1.  Public Key Format

   For all of the public key algorithms specified in this document, the
   key format consists of a sequence of one or more X.509v3 certificates
   followed by a sequence of 0 or more Online Certificate Status
   Protocol (OCSP) responses as in Section 4.2 of [RFC2560].  Providing
   OCSP responses directly in this data structure can reduce the number
   of communication rounds required (saving the implementation from
   needing to perform OCSP checking out-of-band) and can also allow a
   client outside of a private network to receive OCSP responses from a
   server behind firewall.

This text almost make it sound as if OCSP data is optional to include.

Russ Housley Former IESG member

(was Discuss) Yes

Yes (2010-11-28) Unknown

Section 1 says:
  >
  > Digital certificates, such as those in X.509 version 3 (X.509v3)
  > format, ...
  >
  Please add a reference.  [RFC5280] seems appropriate.

  Section 1 also says:
  >
  > This document is concerned with SSH implementation details;
  > specification of the underlying cryptographic algorithms and the
  > handling and structure of X.509v3 certificates is left to other
  > standards documents.
  >
  What documents does an implementer need to read?  Obviously, RFC 5280
  is needed.  Please list them as normative references.

Sean Turner Former IESG member

Yes

Yes () Unknown

Adrian Farrel Former IESG member

No Objection

No Objection () Unknown

Gonzalo Camarillo Former IESG member

No Objection

No Objection () Unknown

Jari Arkko Former IESG member

No Objection

No Objection () Unknown

Peter Saint-Andre Former IESG member

(was Discuss) No Objection

No Objection () Unknown

Robert Sparks Former IESG member

No Objection

No Objection () Unknown

Ron Bonica Former IESG member

No Objection

No Objection () Unknown

Stewart Bryant Former IESG member

No Objection

No Objection () Unknown

Tim Polk Former IESG member

(was Discuss) No Objection

No Objection () Unknown

X.509v3 Certificates for Secure Shell Authentication RFC 6187

X.509v3 Certificates for Secure Shell Authentication
RFC 6187