Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: x/crypto/ssh: add package for Key Revocation Lists #22741

Closed
micahhausler opened this issue Nov 15, 2017 · 6 comments
Closed

proposal: x/crypto/ssh: add package for Key Revocation Lists #22741

micahhausler opened this issue Nov 15, 2017 · 6 comments

Comments

@micahhausler
Copy link

@micahhausler micahhausler commented Nov 15, 2017

What version of Go are you using (go version)?

go version go1.9.2 darwin/amd64

What did you expect to see?

x/crypto/ssh has support for SSH Certificates and an ssh.CertChecker.IsRevoked() method, but there seems to not be support for OpenSSH's Key Revocation List (KRL) format. It would be useful to be able to marshal/unmarshal revocation lists for use by an OpenSSH server in Go.

@gopherbot gopherbot added this to the Proposal milestone Nov 15, 2017
@gopherbot gopherbot added the Proposal label Nov 15, 2017
@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Nov 15, 2017

@hanwen
Copy link
Contributor

@hanwen hanwen commented Nov 15, 2017

sounds like a useful feature. I think it could be separate subpackage of SSH.

@bradfitz bradfitz modified the milestones: Proposal, Unreleased Nov 15, 2017
@bradfitz bradfitz changed the title proposal: x/crypto/ssh Add support for Key Revocation Lists x/crypto/ssh: add package for Key Revocation Lists Nov 15, 2017
@micahhausler
Copy link
Author

@micahhausler micahhausler commented Nov 15, 2017

After digging around I found stripe/krl which supports what I need. It might still be useful to have that functionality as a package under x/crypto/ssh, but its up to you all to keep this open or not.

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Dec 3, 2019

This wasn't implemented for 2 years, and there's a third-party package that seems to meet the need, so reverting the Proposal-Accepted and bouncing it back to the committee. I think the lack of activity suggests we can do without it.

@rsc rsc added this to Incoming in Proposals Dec 4, 2019
@rsc
Copy link
Contributor

@rsc rsc commented Dec 4, 2019

Based on the discussion above and two years of inactivity after the initial acceptance, it sounds like this is a likely decline and that people who need KRLs can use https://github.com/stripe/krl. This does not seem like enough people need it to adopt it.

Leaving open for a week for final comments.

@rsc rsc changed the title x/crypto/ssh: add package for Key Revocation Lists proposal: x/crypto/ssh: add package for Key Revocation Lists Dec 4, 2019
@rsc rsc moved this from Incoming to Likely Decline in Proposals Dec 4, 2019
@rsc
Copy link
Contributor

@rsc rsc commented Dec 11, 2019

No change in consensus, so declined.

@rsc rsc closed this Dec 11, 2019
@rsc rsc moved this from Likely Decline to Declined in Proposals Dec 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Proposals
Declined
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.