summaryrefslogtreecommitdiff
path: root/PROTOCOL.krl
diff options
context:
space:
mode:
Diffstat (limited to 'PROTOCOL.krl')
-rw-r--r--PROTOCOL.krl9
1 files changed, 7 insertions, 2 deletions
diff --git a/PROTOCOL.krl b/PROTOCOL.krl
index e8caa4527..b9695107b 100644
--- a/PROTOCOL.krl
+++ b/PROTOCOL.krl
@@ -37,7 +37,7 @@ The available section types are:
37#define KRL_SECTION_FINGERPRINT_SHA1 3 37#define KRL_SECTION_FINGERPRINT_SHA1 3
38#define KRL_SECTION_SIGNATURE 4 38#define KRL_SECTION_SIGNATURE 4
39 39
403. Certificate serial section 402. Certificate section
41 41
42These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by 42These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by
43serial number or key ID. The consist of the CA key that issued the 43serial number or key ID. The consist of the CA key that issued the
@@ -47,6 +47,11 @@ ignored.
47 string ca_key 47 string ca_key
48 string reserved 48 string reserved
49 49
50Where "ca_key" is the standard SSH wire serialisation of the CA's
51public key. Alternately, "ca_key" may be an empty string to indicate
52the certificate section applies to all CAs (this is most useful when
53revoking key IDs).
54
50Followed by one or more sections: 55Followed by one or more sections:
51 56
52 byte cert_section_type 57 byte cert_section_type
@@ -161,4 +166,4 @@ Implementations that retrieve KRLs over untrusted channels must verify
161signatures. Signature sections are optional for KRLs distributed by 166signatures. Signature sections are optional for KRLs distributed by
162trusted means. 167trusted means.
163 168
164$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $ 169$OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $