diff options
Diffstat (limited to 'PROTOCOL.krl')
| -rw-r--r-- | PROTOCOL.krl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/PROTOCOL.krl b/PROTOCOL.krl index e8caa4527..b9695107b 100644 --- a/PROTOCOL.krl +++ b/PROTOCOL.krl | |||
| @@ -37,7 +37,7 @@ The available section types are: | |||
| 37 | #define KRL_SECTION_FINGERPRINT_SHA1 3 | 37 | #define KRL_SECTION_FINGERPRINT_SHA1 3 |
| 38 | #define KRL_SECTION_SIGNATURE 4 | 38 | #define KRL_SECTION_SIGNATURE 4 |
| 39 | 39 | ||
| 40 | 3. Certificate serial section | 40 | 2. Certificate section |
| 41 | 41 | ||
| 42 | These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by | 42 | These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by |
| 43 | serial number or key ID. The consist of the CA key that issued the | 43 | serial number or key ID. The consist of the CA key that issued the |
| @@ -47,6 +47,11 @@ ignored. | |||
| 47 | string ca_key | 47 | string ca_key |
| 48 | string reserved | 48 | string reserved |
| 49 | 49 | ||
| 50 | Where "ca_key" is the standard SSH wire serialisation of the CA's | ||
| 51 | public key. Alternately, "ca_key" may be an empty string to indicate | ||
| 52 | the certificate section applies to all CAs (this is most useful when | ||
| 53 | revoking key IDs). | ||
| 54 | |||
| 50 | Followed by one or more sections: | 55 | Followed by one or more sections: |
| 51 | 56 | ||
| 52 | byte cert_section_type | 57 | byte cert_section_type |
| @@ -161,4 +166,4 @@ Implementations that retrieve KRLs over untrusted channels must verify | |||
| 161 | signatures. Signature sections are optional for KRLs distributed by | 166 | signatures. Signature sections are optional for KRLs distributed by |
| 162 | trusted means. | 167 | trusted means. |
| 163 | 168 | ||
| 164 | $OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $ | 169 | $OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $ |