===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/PROTOCOL.certkeys,v
retrieving revision 1.11
retrieving revision 1.14
diff -u -r1.11 -r1.14
--- src/usr.bin/ssh/PROTOCOL.certkeys	2017/05/16 16:54:05	1.11
+++ src/usr.bin/ssh/PROTOCOL.certkeys	2018/04/10 00:10:49	1.14
@@ -100,9 +100,9 @@
 
 ECDSA certificate
 
-    string    "ecdsa-sha2-nistp256-v01@openssh.com" |
-              "ecdsa-sha2-nistp384-v01@openssh.com" |
-              "ecdsa-sha2-nistp521-v01@openssh.com"
+    string    "ecdsa-sha2-nistp256-cert-v01@openssh.com" |
+              "ecdsa-sha2-nistp384-cert-v01@openssh.com" |
+              "ecdsa-sha2-nistp521-cert-v01@openssh.com"
     string    nonce
     string    curve
     string    public_key
@@ -174,7 +174,7 @@
 
     valid after <= current time < valid before
 
-criticial options is a set of zero or more key options encoded as
+critical options is a set of zero or more key options encoded as
 below. All such options are "critical" in the sense that an implementation
 must refuse to authorise a key that has an unrecognised option.
 
@@ -224,6 +224,9 @@
 "critical", if an implementation does not recognise a option
 then the validating party should refuse to accept the certificate.
 
+Custom options should append the originating author or organisation's
+domain name to the option name, e.g. "my-option@example.com".
+
 No critical options are defined for host certificates at present. The
 supported user certificate options and the contents and structure of
 their data fields are:
@@ -255,6 +258,9 @@
 If an implementation does not recognise an extension, then it should
 ignore it.
 
+Custom options should append the originating author or organisation's
+domain name to the option name, e.g. "my-option@example.com".
+
 No extensions are defined for host certificates at present. The
 supported user certificate extensions and the contents and structure of
 their data fields are:
@@ -285,4 +291,4 @@
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.11 2017/05/16 16:54:05 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.14 2018/04/10 00:10:49 djm Exp $