===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v
retrieving revision 1.298
retrieving revision 1.299
diff -u -r1.298 -r1.299
--- src/usr.bin/ssh/ssh.1	2010/03/04 12:51:25	1.298
+++ src/usr.bin/ssh/ssh.1	2010/03/04 23:19:29	1.299
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.298 2010/03/04 12:51:25 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.299 2010/03/04 23:19:29 djm Exp $
 .Dd $Mdocdate: March 4 2010 $
 .Dt SSH 1
 .Os
@@ -1104,39 +1104,6 @@
 .Xr ssh_config 5
 for more information.
 .Pp
-Host keys may also be presented as certificates signed by a trusted
-certification authority (CA).
-In this case, trust of the CA key alone is sufficient for the host key
-to be accepted.
-To specify a public key as a trusted CA key in a known hosts file,
-it should be added after a
-.Dq @cert-authority
-tag and a set of one or more domain-name wildcards separated by commas.
-For example:
-.Pp
-.Dl @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
-.Pp
-See the
-.Sx CERTIFICATES
-section of
-.Xr ssh-keygen 1
-for more details.
-.Pp
-Keys may also be marked as revoked using the
-.Dq @revoked
-marker.
-Revoked keys will always trigger a warning when encountered and the host
-that presented them will be treated as untrusted.
-For example:
-.Pp
-.Dl @revoked * ssh-rsa AAAAB5W...
-.Pp
-Revoking a key revokes it for direct use and as a certification authority.
-Do not use both the
-.Dq @cert-authority
-and
-.Dq @revoked
-markers on the same line.
 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
 .Nm
 contains support for Virtual Private Network (VPN) tunnelling