Standard SSH/SFTP doesn't support X.509 certificate's for authentication, so I don't understand your reference to a CA.
(z/OS OpenSSH does allow you to put SSH public and private keys in a Key Ring Certificate, but only the keys are used; the certificate and its signature are irrelevant.) Kirk Wolf Dovetailed Technologies http://dovetail.com On Fri, Feb 3, 2017 at 5:48 AM, Jantje. <[email protected]> wrote: > On Wed, 1 Feb 2017 07:51:23 -0600, Kirk Wolf <[email protected]> wrote: > > >> Remember that although the integrity of public keys needs to be guarded, > >their privacy does not. > >So it is common to use other secure communications, like publishing the > >public key on a https: web page. > > The issue I have with that is one of trust: In the end, I just have to > trust whatever the Root Certification Authority is. Or actually, I have to > trust Microsoft to have correctly verified the identity of that RCA and the > integrity of the certificate they present, because it is MS that installed > that certificate in my browser. (s/MS/Google/g for Chrome...) > > Cheers, > > Jantje. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
