Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: x/crypto/ssh: add package for Key Revocation Lists #22741

Closed
micahhausler opened this issue Nov 15, 2017 · 6 comments
Closed

proposal: x/crypto/ssh: add package for Key Revocation Lists #22741

micahhausler opened this issue Nov 15, 2017 · 6 comments
Labels
FrozenDueToAge Proposal Proposal-Crypto Proposal related to crypto packages or other security issues Proposal-FinalCommentPeriod
Milestone
Unreleased

Comments

@micahhausler
Copy link

What version of Go are you using (go version)?

go version go1.9.2 darwin/amd64

What did you expect to see?

x/crypto/ssh has support for SSH Certificates and an ssh.CertChecker.IsRevoked() method, but there seems to not be support for OpenSSH's Key Revocation List (KRL) format. It would be useful to be able to marshal/unmarshal revocation lists for use by an OpenSSH server in Go.
@gopherbot gopherbot added this to the Proposal milestone Nov 15, 2017
@bradfitz
Copy link
Contributor

@hanwen?

@hanwen
Copy link
Contributor

hanwen commented Nov 15, 2017

sounds like a useful feature. I think it could be separate subpackage of SSH.

@bradfitz bradfitz modified the milestones: Proposal, Unreleased Nov 15, 2017
@bradfitz bradfitz changed the title proposal: x/crypto/ssh Add support for Key Revocation Lists x/crypto/ssh: add package for Key Revocation Lists Nov 15, 2017
@micahhausler
Copy link
Author

After digging around I found stripe/krl which supports what I need. It might still be useful to have that functionality as a package under x/crypto/ssh, but its up to you all to keep this open or not.

@FiloSottile
Copy link
Contributor

This wasn't implemented for 2 years, and there's a third-party package that seems to meet the need, so reverting the Proposal-Accepted and bouncing it back to the committee. I think the lack of activity suggests we can do without it.

@FiloSottile FiloSottile added Proposal-Crypto Proposal related to crypto packages or other security issues and removed Proposal-Accepted labels Dec 3, 2019
@rsc
Copy link
Contributor

rsc commented Dec 4, 2019

Based on the discussion above and two years of inactivity after the initial acceptance, it sounds like this is a likely decline and that people who need KRLs can use https://github.com/stripe/krl. This does not seem like enough people need it to adopt it.

Leaving open for a week for final comments.

@rsc rsc changed the title x/crypto/ssh: add package for Key Revocation Lists proposal: x/crypto/ssh: add package for Key Revocation Lists Dec 4, 2019
@andybons andybons mentioned this issue Dec 4, 2019
Open
@rsc
Copy link
Contributor

rsc commented Dec 11, 2019

No change in consensus, so declined.

@rsc rsc closed this as completed Dec 11, 2019
@golang golang locked and limited conversation to collaborators Dec 10, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Proposal Proposal-Crypto Proposal related to crypto packages or other security issues Proposal-FinalCommentPeriod
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
6 participants
@bradfitz @hanwen @rsc @micahhausler @FiloSottile @gopherbot