
637 points h1x | 1 comments
exabrial ◴[] No.29212333[source]
Also: something that pgp ironically got right: expiration dates. And modification of said dates produces a mutation of your identity... whereas using an ssh key as an identity doesn't have any sort of features.
replies(1): >>29212397 #
1. stormbrew ◴[] No.29212397[source]
ssh keys don't have expiration dates, but ssh certificates do [1]. Which is.. how it should work. A certificate is a declaration of providence of data, a key is not (in itself) that.

At any rate, if you want to tell me you actually believe most users of PGP actually properly deal with key rotation and don't just give up and set unreasonably long expiration cycles on their keys or stop using pgp when they first encounter an error about an expired key, I might have a bridge to sell you.

[1] See `man ssh-keygen` for the -h and -s arguments and -V for the validity window.
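
The `ssh-keygen` options named in the footnote above, put together as an added example (not part of either comment): a throwaway CA signs a key with a validity window and the window is read back from the certificate. The function name, file names, key ID and principals are constructed for the demo.

```shell
#!/bin/sh
# Added example: every name below (sign_cert, demo-ca, demo-cert, the
# principals) is constructed for illustration.

# sign_cert KIND VALIDITY PRINCIPAL
#   KIND      "user" or "host" (host adds -h)
#   VALIDITY  value for -V, e.g. +52w or 20200101:20200201
#   PRINCIPAL user name or host name the certificate is valid for
# Prints the certificate's Type and Valid lines.
sign_cert() {
    kind=$1
    validity=$2
    principal=$3
    dir=$(mktemp -d) || return 1

    # The CA key signs certificates; the subject key is the one certified.
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$dir/ca" || return 1
    ssh-keygen -q -t ed25519 -N '' -C demo-subject -f "$dir/subject" || return 1

    # -s CA private key, -I key identity (appears in sshd logs),
    # -n principals, -V validity window. A bare key has none of these.
    if [ "$kind" = host ]; then
        ssh-keygen -q -s "$dir/ca" -I demo-cert -h -n "$principal" \
            -V "$validity" "$dir/subject.pub" || return 1
    else
        ssh-keygen -q -s "$dir/ca" -I demo-cert -n "$principal" \
            -V "$validity" "$dir/subject.pub" || return 1
    fi

    # Signing writes subject-cert.pub next to the public key;
    # -L dumps its fields, including the expiry.
    ssh-keygen -L -f "$dir/subject-cert.pub" | grep -E '^ *(Type|Valid):'
    rm -rf "$dir"
}

# Example calls:
#   sign_cert user +52w alice
#   sign_cert host 20200101:20200201 host.example
```

On the server side, `sshd` accepts such user certificates from a CA listed under `TrustedUserCAKeys` and rejects any certificate presented outside its `Valid` window.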