CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2010/04/15 19:47:26
Modified files:
usr.bin/ssh : PROTOCOL.certkeys auth-options.c auth-options.h
auth-rsa.c auth2-pubkey.c authfd.c key.c key.h
myproposal.h ssh-add.c ssh-agent.c ssh-dss.c
ssh-keygen.1 ssh-keygen.c ssh-rsa.c
sshconnect.c sshconnect2.c sshd.c
Log message:
revised certificate format ssh-{dss,rsa}[email protected] with the
following changes:
move the nonce field to the beginning of the certificate where it can
better protect against chosen-prefix attacks on the signature hash
Rename "constraints" field to "critical options"
Add a new non-critical "extensions" field
Add a serial number
The older format is still support for authentication and cert generation
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
ok markus@
