src/usr.bin/ssh/PROTOCOL.certkeys - diff

Return to PROTOCOL.certkeys CVS log

Up to [local] / src / usr.bin / ssh

version 1.8, 2010/08/31 11:54:45

version 1.9, 2012/03/28 07:23:22

Line 162

are not critical, and an implementation that encounters one that it does

not recognise may safely ignore it.

Generally, critical options are used to control features that restrict

access where extensions are used to enable features that grant access.

This ensures that certificates containing unknown restrictions do not

inadvertently grant access while allowing new protocol features to be

enabled via extensions without breaking certificates' backwards

compatibility.

The reserved field is currently unused and is ignored in this version of

the protocol.

Line 189

Line 196

string data

Options must be lexically ordered by "name" if they appear in the

sequence.

sequence. Each named option may only appear once in a certificate.

The name field identifies the option and the data field encodes

option-specific information (see below). All options are

Line 220

Line 227

The extensions section of the certificate specifies zero or more

non-critical certificate extensions. The encoding and ordering of

extensions in this field is identical to that of the critical options.

extensions in this field is identical to that of the critical options,

as is the requirement that each name appear only once.

If an implementation does not recognise an extension, then it should

ignore it.