OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Suggestion for New Certificate Type: CKC_OPENSSH_CERT

Dear PKCS11 TC,

as some of you may be aware, in 2010, the maintainers of openssh defined a protocol extension to the SSH protocol to allow the use of a (single tier) CA for authentication keys.

The format is described in more detail here 

They describe the background as follows:
The SSH protocol currently supports a simple public key authentication
mechanism. Unlike other public key implementations, SSH eschews the use
of X.509 certificates and uses raw keys. This approach has some benefits
relating to simplicity of configuration and minimisation of attack
surface, but it does not support the important use-cases of centrally
managed, passwordless authentication and centrally certified host keys.

These protocol extensions build on the simple public key authentication
system already in SSH to allow certificate-based authentication. The
certificates used are not traditional X.509 certificates, with numerous
options and complex encoding rules, but something rather more minimal: a
key, some identity information and usage options that have been signed
with some other trusted key.
The specification is now 10 years old and pretty stable. These certificates are in use in variety of enterprise environments.

Personally, I currently store my certificate on a token as a generic data object and built some scripts around it to automatically put it in the right places at the beginning of a ssh session. However, I do think it would make sense to consider extending PKCS11 to make openssh certificates first class members of PKCS11 in some future release.

Therefore, my suggestion would be to extend the allowed values for CKA_CERTIFICATE_TYPE to include a newly defined value CKC_OPENSSH_CERT (which could be 3UL)

Allowed attributes could be in addition to the base certificate attributes, to keep it as similar to existing uses:
CKA_ISSUER | Byte array | DER-encoding of the certificate issuer name (default empty)
CKA_SERIAL_NUMBER | Byte array | DER-encoding of the certificate serial number (default empty)
CKA_VALUE | Byte array | the native binary openssh certificate blob as it would be contained in the base64 blob within an id_rsa-cert.pub file

And newly defined attributes based on the certificate type itself, maybe CKA_PRINCIPALS, which are to some extent similar to CKA_ATTR_TYPES of X.509 attribute certificates.

(Note: openssh currently already allows the use of PKCS11, however it only uses public keys, or uses the subject of an x.509 certificate as a key comment, instead of some fuller certificate support)

Best regards,

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]