summaryrefslogtreecommitdiffstats
path: root/PROTOCOL.krl (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: allow key revocation by SHA256 hash and allow ssh-keygendjm@openbsd.org2018-09-121-7/+9
| | | | | | to create KRLs using SHA256/base64 key fingerprints; ok markus@ OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
* upstream: lots of typos in comments/docs. Patch from Karsten Weissdjm@openbsd.org2018-04-101-2/+2
| | | | | | | after checking with codespell tool (https://github.com/lucasdemarchi/codespell) OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
* upstream commitdjm@openbsd.org2015-01-301-2/+7
| | | | | permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA; ok markus@
* - djm@cvs.openbsd.org 2013/01/17 23:00:01Damien Miller2013-01-181-0/+164
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] [krl.c krl.h PROTOCOL.krl] add support for Key Revocation Lists (KRLs). These are a compact way to represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@