X.509v3 Certificates for Secure Shell Authentication
RFC 6187

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>
Subject: Protocol Action: 'X.509v3 Certificates for Secure Shell Authentication' to Proposed Standard (draft-igoe-secsh-x509v3-07.txt)

The IESG has approved the following document:
- 'X.509v3 Certificates for Secure Shell Authentication'
  (draft-igoe-secsh-x509v3-07.txt) as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Sean Turner.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

X.509 public key certificates use a signature by a trusted certification authority to bind a given public key to a given digital identity. This document specifies how to use X.509 version 3 public key certificates in public key algorithms in the Secure Shell protocol.

Working Group Summary

When the Secure Shell working group concluded in 2006, active work on defining use of X.509 certificates in the SSH protocol was left uncompleted. However, there was and continues to be community interest in extending the SSH protocol to provide this functionality.

Further, although the working group concluded, its mailing list remains active as a forum for discussion among SSH protocol implementors and other interested parties. This document was discussed extensively on that list, and seems to represent the consensus of participants in that discussion.

Document Quality

A number of SSH implementors have been active in reviewing and discussing this extension. While no one has explicitly said whether they intend to implement, it seems likely that several will do so.


Jeffrey Hutzelman <> is the Document Shepherd.
Sean Turner <> is the Responsible Area Director.

RFC Editor Note