X.509 public key certificates use a signature by a trusted certification authority to bind a given public key to a given digital identity. This document specifies how to use X.509 version 3 public key certificates in public key algorithms in the Secure Shell protocol.
Working Group Summary
When the Secure Shell working group concluded in 2006, active work on defining use of X.509 certificates in the SSH protocol was left uncompleted. However, there was and continues to be community interest in extending the SSH protocol to provide this functionality.
Further, although the working group concluded, its mailing list remains active as a forum for discussion among SSH protocol implementors and other interested parties. This document was discussed extensively on that list, and seems to represent the consensus of participants in that discussion.
A number of SSH implementors have been active in reviewing and discussing this extension. While no one has explicitly said whether they intend to implement, it seems likely that several will do so.
Jeffrey Hutzelman <email@example.com> is the Document Shepherd.
Sean Turner <firstname.lastname@example.org> is the Responsible Area Director.