{"draft":"draft-joseph-pkix-p6rsshextension-04","doc_id":"RFC7076","title":"P6R's Secure Shell Public Key Subsystem","authors":["M. Joseph","J. Susoy"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"INDEPENDENT","abstract":"The Secure Shell (SSH) Public Key Subsystem protocol defines a key\r\ndistribution protocol that is limited to provisioning an SSH server with a\r\nuser's public keys.  This document describes a new protocol that builds on the\r\nprotocol defined in RFC 4819 to allow the provisioning of keys and\r\ncertificates to a server using the SSH transport.\r\n\r\nThe new protocol allows the calling client to organize\r\nkeys and certificates in different namespaces on a server.  These\r\nnamespaces can be used by the server to allow a client to configure\r\nany application running on the server (e.g., SSH, Key Management\r\nInteroperability Protocol (KMIP), Simple Network Management Protocol (SNMP)).\r\n\r\nThe new protocol provides a server-independent mechanism for clients\r\nto add public keys, remove public keys, add certificates, remove\r\ncertificates, and list the current set of keys and certificates known by\r\nthe server by namespace (e.g., list all public keys in the SSH\r\nnamespace).\r\n\r\nRights to manage keys and certificates in a particular namespace are\r\nspecific and limited to the authorized user and are defined as part of\r\nthe server's implementation.  The described protocol is backward\r\ncompatible to version 2 defined by RFC 4819.","pub_date":"November 2013","keywords":["key management","certificate management","security"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7076","errata_url":null}